ChowYungPHAT, posted March 29, 2013 (ID 662320)

Computer is deathly slow online (sometimes). Spent several months online, then reconnected with Norton via Comcast. Getting worse and worse, requiring daily reboots. 7-year-old computer, P4 3.0, 3 GB RAM, 128 MB video. I know it needs upgrades, but can I save this or is it just time to get a new computer? HijackThis log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:04 AM, on 3/29/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Jared\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {657E195F-066D-435C-92DB-7C261E6FE832} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\IPS\IPSBHO.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Download Energy - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files\Download_Energy\prxtbDow0.dll
O2 - BHO: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.111.1\NativeBHO.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O3 - Toolbar: (no name) - !{ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [RClO1i7eA1] C:\Documents and Settings\All Users\Application Data\apsbudit\yzcfgdwp.exe
O4 - HKCU\..\Policies\Explorer\Run: [RClO1i7eA1] C:\Documents and Settings\All Users\Application Data\apsbudit\yzcfgdwp.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Morpheus Music\RazaWebHook.dll/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {61F38134-94CB-491C-AECA-37B387E73C23} (IWebVisualsInstallObj Class) - https://sgirydex.on.webvisuals.net/confmgr/mount/34898/branding/installs/ICWMInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358914122619
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343197078609
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://fugentbe.webex.com/client/T26L10NSP49EP4/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://site02.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cab
O18 - Filter hijack: text/html - {c6377324-6c3c-45f5-b992-a1e2eabce0ae} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: TF Update - - C:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12905 bytes
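The helper reads logs like the one above by eye, looking first at where a start-up entry lives and only then at what it is called. As an added example (not part of this thread, and not a tool from Trend Micro, the DDS author or this forum), the Python below applies that same first pass to HijackThis O-lines and to the DDS "Pseudo HJT Report" lines the original poster pastes later in the thread. The sample lines are copied from those two logs plus two benign control lines; the reason names, the severity buckets and the "random-looking name" thresholds are this example's own choices, and the output is a reading aid for the person doing the cleanup, not a verdict on any entry.

```python
"""Triage heuristics for HijackThis and DDS "Pseudo HJT Report" log lines.

Added example for this thread; it is not the forum's, HijackThis's or DDS's own
code. It flags persistence locations that legitimate installers rarely use and
names that look machine-generated, as a reading aid rather than a verdict.
"""
import re

# Constructed sample: lines copied from the two logs posted in this thread, plus
# two benign control lines (Adobe ARM, the Norton service) that must not be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Policies\Explorer\Run: [RClO1i7eA1] C:\Documents and Settings\All Users\Application Data\apsbudit\yzcfgdwp.exe
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O18 - Filter hijack: text/html - {c6377324-6c3c-45f5-b992-a1e2eabce0ae} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe
mExplorerRun: [RClO1i7eA1] c:\documents and settings\all users\application data\apsbudit\yzcfgdwp.exe
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMddbCS.dll
AppInit_DLLs= c:\progra~1\keycry~1\KEYCRY~3.DLL
"""

# A Windows path ending in a PE extension; non-greedy so "ARM\1.0\AdobeARM.exe" stays whole.
PATH_RE = re.compile(r'(?i)[a-z]:\\[^"<>|\[\]]*?\.(?:exe|dll|sys)\b')
VOWELS = set("aeiouyAEIOUY")
HIGH = {"policies_run", "programdata_exe", "lsa_auth_package", "mime_filter"}
REVIEW = {"appinit_dll", "random_name"}


def looks_random(filename: str) -> bool:
    """Rough test for generated names such as yzcfgdwp or qoMddbCS: almost no
    vowels, or upper/lower case flipping several times. Noisy on its own (many
    vendor binaries have terse names), so triage_line only applies it outside
    Program Files and it never raises severity by itself."""
    stem = filename.rsplit(".", 1)[0]
    if not (6 <= len(stem) <= 12) or not stem.isalnum():
        return False
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    case_flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return vowel_ratio < 0.2 or case_flips >= 3


def triage_line(line: str) -> list:
    """Return the sorted list of reasons one HJT or DDS line deserves a closer look."""
    low = line.lower()
    paths = PATH_RE.findall(line)
    reasons = set()
    # Policies\Explorer\Run (HJT) / uExplorerRun, mExplorerRun (DDS): a Run key that
    # installers practically never use, so anything listed there is worth checking.
    if "policies\\explorer\\run" in low or low.startswith(("uexplorerrun:", "mexplorerrun:")):
        reasons.add("policies_run")
    # AppInit_DLLs is loaded into every process that links user32.dll.
    if "appinit_dlls" in low and paths:
        reasons.add("appinit_dll")
    # A stock XP box lists only msv1_0 here; any DLL path is an extra auth package.
    if (low.startswith("lsa:") or "authentication packages" in low) and paths:
        reasons.add("lsa_auth_package")
    # A MIME filter on text/html sees, and can rewrite, every page the browser loads.
    if "filter hijack" in low or low.startswith("filter:"):
        reasons.add("mime_filter")
    # Registrations whose file is gone: leftovers, worth cleaning but not active.
    if "(no file)" in low or "<orphaned>" in low:
        reasons.add("orphaned")
    for path in paths:
        plow = path.lower()
        # An .exe started from All Users\Application Data (ProgramData on Vista+).
        if plow.endswith(".exe") and ("all users\\application data" in plow or "\\programdata\\" in plow):
            reasons.add("programdata_exe")
        if "\\program files" not in plow and looks_random(path.rsplit("\\", 1)[-1]):
            reasons.add("random_name")
    return sorted(reasons)


def severity(reasons: list) -> str:
    if "orphaned" in reasons:
        return "low"  # nothing on disk to execute; clean up, but it is not active
    if HIGH & set(reasons):
        return "high"
    if REVIEW & set(reasons):
        return "review"
    return "low"


def triage(log_text: str) -> list:
    """Run triage_line over a whole log; only lines with at least one reason are returned."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append({"line": line, "reasons": reasons, "severity": severity(reasons)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {', '.join(f['reasons'])}\n         {f['line']}")
```

Location beats name: the two control lines (AdobeARM.exe, ccSvcHst.exe) sit under Program Files and get no finding even though ccSvcHst would trip the vowel test, while the same random-name test is what separates an unknown DLL in system32 from a known one. Orphaned entries are demoted to low because a registration with no file behind it cannot run; they still want removing so they stop showing up in every later log.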
Larusso, posted March 29, 2013 (ID 662322)

Hi, my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
I am currently attending an evening school and working night shift only, which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Download DDS and save it to your desktop from here.
Double click DDS to run the tool and press Start.
Don't change any settings without instruction.
When done, DDS will save two (2) logs to your desktop:
DDS.txt
Attach.txt
Please post them in your next reply.

Please download Gmer from here and save it to your Desktop.
Double click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following:
Sections
IAT/EAT
Show All (don't miss this one)
Then click the Scan button and wait for it to finish.
Once done, click on the [Save..] button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
ChowYungPHAT Posted March 29, 2013 Author ID:662482 Share Posted March 29, 2013 DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by Jared at 2:43:52 on 2013-03-29Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2196 [GMT -4:00].AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: *Disabled*FW: Norton Security Suite *Enabled*.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exec:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exeC:\Program Files\Thomson Financial\Thomson ONE\Softdist\TF Update.exeC:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exeC:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\stsystra.exeC:\WINDOWS\System32\alg.exeC:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Sonic\Product\Media Experience\DMXLauncher.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Citrix\ICA Client\concentr.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Citrix\ICA 
Client\wfcrun32.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\Program Files\Common Files\Teleca Shared\logger.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exeC:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exeC:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exeC:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.htmluSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mStart Page = about:blankmSearchAssistant = hxxp://www.google.com/hws/sb/dell/en/side.htmluURLSearchHooks: {657E195F-066D-435C-92DB-7C261E6FE832} - <orphaned>BHO: &Yahoo! 
Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: {0EEDB912-C5FA-486F-8334-57288578C627} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\20.2.0.19\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dllBHO: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - c:\program files\download_energy\prxtbDow0.dllBHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - c:\documents and settings\all users\application data\white sky, inc\id vault\iebho1.13.111.1\NativeBHO.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\20.2.0.19\coieplg.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [iSUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduleruRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [Xvid] c:\program files\xvid\CheckUpdate.exeuRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_146_ActiveX.exe -update activexmRun: [sigmatelSysTrayApp] 
stsystra.exemRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstallmRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startupmRun: [intelMeM] c:\program files\intel\modem event monitor\IntelMEM.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"mRun: [DMXLauncher] "c:\program files\sonic\product\media experience\DMXLauncher.exe"mRun: [dla] c:\windows\system32\dla\tfswctrl.exemRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptionsmRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startupmRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startupuExplorerRun: [RClO1i7eA1] c:\documents and settings\all users\application data\apsbudit\yzcfgdwp.exemExplorerRun: [RClO1i7eA1] c:\documents and settings\all users\application data\apsbudit\yzcfgdwp.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = 
dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: Download with &Shareaza - c:\program files\morpheus music\RazaWebHook.dll/3000IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cabDPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cabDPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cabDPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://sgirydex.on.webvisuals.net/confmgr/mount/34898/branding/installs/ICWMInstall.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1358914122619DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343197078609DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://fugentbe.webex.com/client/T26L10NSP49EP4/webex/ieatgpc.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://site02.remoteoffice.citigroup.com/dana-cached/sc/JuniperSetupClient.cabTCP: NameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{B7FCEF46-0203-4189-B561-61711A07FC36} : DHCPNameServer = 75.75.75.75 75.75.76.76Filter: text/html - {c6377324-6c3c-45f5-b992-a1e2eabce0ae} - <orphaned>Notify: igfxcui - igfxdev.dllAppInit_DLLs= c:\progra~1\keycry~1\KEYCRY~3.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllLSA: Authentication Packages = msv1_0 c:\windows\system32\qoMddbCS.dllmASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12.============= SERVICES / DRIVERS ===============.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\symds.sys [2013-1-26 368288]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\symefa.sys [2013-1-26 927904]R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [2013-1-26 82320]R1 
BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\bashdefs\20130322.001\BHDrvx86.sys [2013-3-21 997464]R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccsetx86.sys [2013-1-26 134304]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-11-30 65584]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\ironx86.sys [2013-1-26 175264]R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2013-1-14 66600]R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\20.2.0.19\ccsvchst.exe [2013-1-26 143928]R2 TF Update;TF Update;c:\program files\thomson financial\thomson one\softdist\TF Update.exe [2003-11-6 225329]R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-2-28 24521]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-26 106656]R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\ipsdefs\20130328.001\IDSXpx86.sys [2013-3-28 373728]R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [2013-1-26 25936]R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130328.017\NAVENG.SYS [2013-3-28 93296]R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.1.0.24\definitions\virusdefs\20130328.017\NAVEX15.SYS [2013-3-28 1603824]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 androidusb;SAMSUNG Android Composite ADB Interface 
Driver;c:\windows\system32\drivers\ssadadb.sys --> c:\windows\system32\drivers\ssadadb.sys [?]S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-28 18560]S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-3-7 24576]S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-2-28 155184]S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys --> c:\windows\system32\drivers\ssadbus.sys [?]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.ShellExec: TrialPDFFile.exe: Open=c:\progra~1\trialp~1\TrialPDF-file.exe "%1".=============== Created Last 30 ================.2013-03-27 02:54:00 -------- d-----w- c:\documents and settings\jared\application data\Dell2013-03-27 02:53:39 -------- d-----w- c:\documents and settings\all users\application data\PCDr2013-03-26 21:26:00 -------- d-----w- c:\documents and settings\jared\local settings\application data\Deployment2013-03-26 20:34:46 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin2013-03-26 20:34:46 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin2013-03-26 20:34:46 1 ----a-w- c:\windows\system32\nvdrssel.bin2013-03-26 20:33:04 -------- d-----w- c:\program files\NVIDIA Corporation2013-03-21 18:17:34 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys2013-03-21 18:17:34 12928 ------w- c:\windows\system32\dllcache\usb8023.sys2013-03-21 02:12:25 -------- d-----w- c:\documents and settings\jared\Citrix2013-03-15 05:42:57 -------- d-----w- C:\67010e40712f819f74430b15d61eec41.==================== Find3M ====================.2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys2013-02-08 09:03:02 19189760 ----a-w- 
c:\windows\system32\nvoglnt.dll2013-02-08 09:03:02 1010464 ----a-w- c:\windows\system32\nvdispco32.dll2013-02-08 09:03:00 4494336 ----a-w- c:\windows\system32\nv4_disp.dll2013-02-08 09:02:58 7536640 ----a-w- c:\windows\system32\nvcuda.dll2013-02-08 09:02:58 2581792 ----a-w- c:\windows\system32\nvcuvid.dll2013-02-08 09:02:56 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll2013-02-08 09:02:56 2389504 ----a-w- c:\windows\system32\nvapi.dll2013-02-08 09:02:56 17551360 ----a-w- c:\windows\system32\nvcompiler.dll2013-02-08 09:02:44 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys2013-02-08 09:02:42 5967872 ----a-w- c:\windows\system32\nvopencl.dll2013-02-08 09:02:42 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec2013-01-26 18:37:10 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS2013-01-26 18:27:56 82320 ----a-w- c:\windows\system32\drivers\AntiLog32.sys2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll2013-01-23 05:34:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-01-23 05:34:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-01-06 01:39:44 7369552 ----a-w- c:\windows\system32\ZALSDKCore.dll2013-01-06 01:39:40 25936 ----a-w- c:\windows\system32\drivers\KeyCrypt32.sys2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll2011-06-19 17:38:52 203776 --sh--w- c:\windows\system32\unrar.exe2011-06-19 17:38:48 203776 --sh--w- 
============= FINISH: 2:45:04.75 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.

DDS (Ver_2012-11-20.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/17/2006 1:34:31 PM
System Uptime: 3/29/2013 1:11:02 AM (1 hours ago)

Motherboard: Dell Inc. | | 0WG261
Processor: Intel® Pentium® 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 122 GiB total, 52.13 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

==== Installed Programs ======================
==== Event Viewer Messages From Past Week ========

3/26/2013 4:42:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CGPS Service service to connect.
3/26/2013 4:42:26 PM, error: Service Control Manager [7000] - The CGPS Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/26/2013 1:43:53 PM, error: DCOM [10000] - Unable to start a DCOM Server: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding
3/26/2013 1:43:52 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error: "%1450" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe -secured -Embedding
3/26/2013 1:37:13 PM, error: DCOM [10000] - Unable to start a DCOM Server: {FFF2D28F-E4EE-44D9-8104-8E71556757F6}. The error: "%1450" Happened while starting this command: "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" -Embedding
3/22/2013 1:48:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

==== End Of File ===========================
ChowYungPHAT Posted March 30, 2013 Author ID:662802

Steps Complete.

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-30 02:12:13
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JS-75NCB1 rev.10.02E01 149.01GB
Running: liunvtgm.exe; Driver: C:\DOCUME~1\Jared\LOCALS~1\Temp\pxtdypow.sys

---- System - GMER 2.1 ----

---- Devices - GMER 2.1 ----

Device Ntfs.sys
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
Device mrxsmb.sys
Device B12C4D20
AttachedDevice fltmgr.sys
Device Cdfs.SYS
Device tfsnifs.sys

---- Processes - GMER 2.1 ----

Process hidden process (*** hidden *** ) 5204
Process C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (*** hidden *** ) 5652

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 8337

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Larusso Posted March 30, 2013 ID:662913

Download ComboFix from this location:
Link 1

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic: How to disable your security applications

====================================================

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
ChowYungPHAT Posted April 1, 2013 Author ID:663410

ComboFix 13-03-31.01 - Jared 03/31/2013 3:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1752 [GMT -4:00]
Running from: c:\documents and settings\Jared\Desktop\ComboFix.exe
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-27 02:54 .
2013-03-27 02:54 -------- d-----w- c:\documents and settings\Jared\Application Data\Dell 2013-03-27 02:53 . 2013-03-27 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr 2013-03-26 21:26 . 2013-03-26 21:30 -------- d-----w- c:\documents and settings\Jared\Local Settings\Application Data\Deployment 2013-03-26 20:34 . 2013-03-26 20:34 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin 2013-03-26 20:34 . 2013-03-26 20:34 1 ----a-w- c:\windows\system32\nvdrssel.bin 2013-03-26 20:34 . 2013-03-26 20:34 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin 2013-03-26 20:33 . 2013-03-26 20:33 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-21 18:17 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys 2013-03-21 18:17 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys 2013-03-21 02:12 . 2013-03-21 02:12 -------- d-----w- c:\documents and settings\Jared\Citrix 2013-03-15 05:42 . 2013-03-15 05:49 -------- d-----w- C:\67010e40712f819f74430b15d61eec41 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-12 00:32 . 2008-12-19 18:44 12928 ------w- c:\windows\system32\drivers\usb8023x.sys 2013-02-12 00:32 . 2004-08-11 23:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-02-08 09:03 . 2013-02-08 09:03 19189760 ----a-w- c:\windows\system32\nvoglnt.dll 2013-02-08 09:03 . 2013-02-08 09:03 1010464 ----a-w- c:\windows\system32\nvdispco32.dll 2013-02-08 09:03 . 2004-08-11 23:08 4494336 ----a-w- c:\windows\system32\nv4_disp.dll 2013-02-08 09:02 . 2013-02-08 09:02 7536640 ----a-w- c:\windows\system32\nvcuda.dll 2013-02-08 09:02 . 2013-02-08 09:02 2581792 ----a-w- c:\windows\system32\nvcuvid.dll 2013-02-08 09:02 . 2013-02-08 09:02 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll 2013-02-08 09:02 . 2013-02-08 09:02 2389504 ----a-w- c:\windows\system32\nvapi.dll 2013-02-08 09:02 . 
2013-02-08 09:02 17551360 ----a-w- c:\windows\system32\nvcompiler.dll 2013-02-08 09:02 . 2004-08-11 23:08 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2013-02-08 09:02 . 2013-02-08 09:02 5967872 ----a-w- c:\windows\system32\nvopencl.dll 2013-02-08 09:02 . 2013-02-08 09:02 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-02-05 20:05 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll 2013-02-05 20:05 . 2004-08-11 23:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2013-02-05 20:05 . 2004-08-11 23:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2013-02-05 05:53 . 2004-08-11 23:00 385024 ----a-w- c:\windows\system32\html.iec 2013-01-26 18:37 . 2013-01-26 18:37 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2013-01-26 18:27 . 2013-01-26 18:27 82320 ----a-w- c:\windows\system32\drivers\AntiLog32.sys 2013-01-26 03:55 . 2004-08-11 23:00 552448 ------w- c:\windows\system32\oleaut32.dll 2013-01-23 05:34 . 2012-07-25 06:15 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-23 05:34 . 2011-11-27 23:14 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-07 01:19 . 2004-08-11 23:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 00:37 . 2004-08-04 04:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-06 01:39 . 2013-01-26 18:27 7369552 ----a-w- c:\windows\system32\ZALSDKCore.dll 2013-01-06 01:39 . 2013-01-26 18:27 25936 ----a-w- c:\windows\system32\drivers\KeyCrypt32.sys 2013-01-04 01:20 . 2004-08-11 23:00 1867264 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2004-08-11 23:00 1292288 ----a-w- c:\windows\system32\quartz.dll 2013-01-02 06:49 . 2004-08-11 23:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2011-06-19 17:38 203776 --sh--w- c:\windows\system32\unrar.exe 2011-06-19 17:38 203776 --sh--w- c:\windows\system32\51117EEFCC491ABDD91EA9F0BA5AC18E\unrar.exe . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}] 2011-03-28 16:22 176936 ----a-w- c:\program files\Download_Energy\prxtbDow0.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112] "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-13 1117184] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2008-10-24 206112] "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "DMXLauncher"="c:\program files\Sonic\Product\Media Experience\DMXLauncher.exe" [2007-04-02 113400] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 
[2005-08-06 344064] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-19 273544] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-12-01 103768] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KEYCRY~1\KeyCrypt32(1).dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Principia Online Update.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Principia Online Update.lnk backup=c:\windows\pss\Principia Online Update.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate] 2010-03-11 02:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "getPlusHelper"=3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Program Files\\Nortel Networks\\Extranet.exe"= "c:\\Program Files\\Thomson Financial\\Thomson ONE\\sharedrdc.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\Program Files\\Morningstar\\Office\\MStarAWD.exe"= "c:\\Program Files\\Morningstar\\Office\\AWDImport.exe"= "c:\\Program Files\\Morningstar\\Office\\MSUpdate.exe"= "c:\\Program Files\\Morningstar\\Office\\MSUpdateVista.exe"= "c:\\Program 
Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\FrostWire\\FrostWire.exe"= . R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\1402000.013\symds.sys [1/26/2013 3:44 PM 368288] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\1402000.013\symefa.sys [1/26/2013 3:44 PM 927904] R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog32.sys [1/26/2013 2:27 PM 82320] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx86.sys [3/21/2013 9:52 PM 997464] R1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360\1402000.013\ccsetx86.sys [1/26/2013 3:44 PM 134304] R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [11/30/2009 4:29 PM 65584] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\1402000.013\ironx86.sys [1/26/2013 3:44 PM 175264] R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [1/14/2013 10:15 AM 66600] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe [1/26/2013 3:44 PM 143928] R2 TF Update;TF Update;c:\program files\Thomson Financial\Thomson ONE\Softdist\TF Update.exe [11/6/2003 10:54 AM 225329] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2/28/2008 3:32 PM 24521] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/26/2013 3:00 PM 106656] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130329.001\IDSXpx86.sys [3/30/2013 1:22 AM 373728] R3 keycrypt;keycrypt;c:\windows\system32\drivers\KeyCrypt32.sys [1/26/2013 2:27 PM 25936] S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys --> 
c:\windows\system32\Drivers\ssadadb.sys [?] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/28/2009 12:42 PM 18560] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [3/7/2011 6:29 PM 24576] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2/28/2008 3:32 PM 155184] S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys --> c:\windows\system32\DRIVERS\ssadbus.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2013-03-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2013-03-27 22:00] . 2013-03-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3093809474-2614502595-1926233828-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2013-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3093809474-2614502595-1926233828-1008.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2013-03-31 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2013-03-27 22:00] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.yahoo.com/ mStart Page = about:blank IE: Download with &Shareaza - c:\program files\Morpheus Music\RazaWebHook.dll/3000 Trusted Zone: citigroup.com\site01.remoteoffice Trusted Zone: nsroot.net\ctrxnacts.wlb3.nam TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{657E195F-066D-435C-92DB-7C261E6FE832} - (no file) Toolbar-10 - (no file) Toolbar-!{ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file) AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-03-31 16:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\20.2.0.19\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3093809474-2614502595-1926233828-1008\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(4468) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\System32\SCardSvr.exe c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\stsystra.exe c:\program files\Citrix\ICA Client\wfcrun32.exe c:\program files\Common Files\Teleca Shared\logger.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe . ************************************************************************** . 
Completion time: 2013-03-31 16:31:08 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-31 20:31 . Pre-Run: 55,538,905,088 bytes free Post-Run: 55,352,414,208 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 92C880B7EC4DE2D902DF4D1F6E3EB7B7 Link to post Share on other sites More sharing options...
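A log this size is easier to triage with a script than by eye. The block below is an added example, not part of the original post and not ComboFix's own tooling: a Python pass over a ComboFix-style log that picks out the entries a responder would check first in the log above. It flags the two unrar.exe copies carrying system+hidden attributes (--sh--w-) under system32, one of them inside a 32-hex-character directory; the AppInit_DLLs value, which makes Windows load that DLL into every process that maps user32.dll; the standard-profile Windows Firewall policy set to EnableFirewall=0; the Security Center monitoring keys set to DisableMonitoring=1; and the Download_Energy browser helper object. The sample input is a constructed excerpt of those entries, re-split one per line. Reading the attribute letters s and h as system and hidden is an assumption about ComboFix's field layout, and the function and severity names are this example's own. A flag is a prompt to verify, not a verdict: the AppInit_DLLs entry here points at the same KeyCrypt32 family whose KeyCrypt32.sys and AntiLog32.sys drivers appear in the driver list, which is consistent with an anti-keylogging product rather than malware, so the right follow-up is to check the DLL's publisher before touching it.

```python
"""Triage pass over a ComboFix-style log: added example, not ComboFix's own code."""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, evidence)

# Constructed sample: entries excerpted from the log above, re-split one per line.
SAMPLE_LOG = r"""
(((((((((( Find3M Report ))))))))))
2013-02-05 20:05 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-27 02:54 . 2013-03-27 02:54 -------- d-----w- c:\documents and settings\Jared\Application Data\Dell
2011-06-19 17:38 203776 --sh--w- c:\windows\system32\unrar.exe
2011-06-19 17:38 203776 --sh--w- c:\windows\system32\51117EEFCC491ABDD91EA9F0BA5AC18E\unrar.exe
(((((((((( Reg Loading Points ))))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Download_Energy\prxtbDow0.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KEYCRY~1\KeyCrypt32(1).dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# One file entry: date, optional second date, size (or dashes for a directory),
# eight attribute characters, then the path.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" (?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                        # [HKEY_...] header
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')  # "Name"=data
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}\\")                     # randomly named directory


def triage(log_text: str) -> List[Finding]:
    """Return (severity, reason, evidence) triples for entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue

        value = VALUE_RE.match(line)
        if value:
            name = value.group("name").lower()
            data = value.group("data").strip()
            if name == "appinit_dlls" and data:
                # Loaded into every process that maps user32.dll; verify the publisher.
                findings.append(("high", "AppInit_DLLs is set", data))
            elif name == "enablefirewall" and data.startswith("0"):
                findings.append(("medium", "Windows Firewall disabled by policy", current_key))
            elif name == "disablemonitoring" and data.endswith("1") and "security center" in current_key:
                findings.append(("medium", "Security Center monitoring disabled", current_key))
            continue

        entry = FILE_RE.match(line)
        if not entry:
            continue
        attrs, path = entry.group("attrs"), entry.group("path")
        if "browser helper objects" in current_key:
            findings.append(("review", "BHO loaded into Internet Explorer", path))
        # 's' and 'h' in the attribute field are read as system and hidden (assumed layout).
        if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
            findings.append(("high", "system+hidden file (%s)" % attrs, path))
        if HEX_DIR_RE.search(path.lower()):
            findings.append(("high", "file under a 32-hex-character directory", path))
    return findings


def report(findings: List[Finding]) -> str:
    """Plain-text summary, most severe first."""
    order = {"high": 0, "medium": 1, "review": 2}
    rows = sorted(findings, key=lambda f: order[f[0]])
    return "\n".join("[%-6s] %s: %s" % f for f in rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample it reports seven findings: three high for the two hidden unrar.exe copies (the second also for its hex-named directory), one review for the BHO, one high for AppInit_DLLs, and two medium for the firewall and Security Center policy. The checks deliberately key on structural properties (attributes, path shape, policy values) rather than file names, so the same pass works on logs from other machines.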
ChowYungPHAT Posted April 2, 2013 Author ID:664048
Does anything look suspicious (wrong)?
Larusso Posted April 4, 2013 ID:664751
Hi there, and sorry for the delay. I didn't receive a notification that you replied. Could you please attach the Combofix.txt? (Do not run Combofix again.)
ChowYungPHAT Posted April 5, 2013 Author ID:665037
You want me to actually attach the file itself? Not copy/paste? How do I do that?
Larusso Posted April 5, 2013 ID:665110
Click on "More Reply Options", "Browse" to C:\Combofix.txt and click "Attach this file".
ChowYungPHAT Posted April 6, 2013 Author ID:665740
[Attachment: ComboFix.txt]
Larusso Posted April 8, 2013 ID:666331
Hm, the 3rd time I clicked on the follow button -.- How is your system behaving now?
ChowYungPHAT Posted April 8, 2013 Author ID:666348
Requires frequent reboots due to Internet Explorer freezing. Often takes several minutes to switch between windows. Each IE window is using over 100 MB RAM, which seems high.
Larusso Posted April 9, 2013 ID:666553
Any other issues like Google redirections or similar things? Do you have a USB drive handy?

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt
Please post the contents of that log in your next reply.
ChowYungPHAT Posted April 9, 2013 Author ID:666775
Yeah, I have a couple flash drives around here. I haven't experienced any redirects. I've run multiple scans that have produced no issues. I've dusted inside the case but the processor seems to be running very hot. I don't know what is a normal temperature but it will burn you almost instantly.
No objects found. Log is too long to post so I'm attaching.
[Attachment: TDSSKiller.2.8.16.0_09.04.2013_16.42.19_log.txt]
Larusso Posted April 10, 2013 ID:667028
Hi there. Was the PC also slow before you asked here for help, or while we are working (exactly after running Gmer)? Your logs are looking good so far.
ChowYungPHAT Posted April 11, 2013 Author ID:667409
Yes, my PC was slow before I posted here. That's what brought me here. If the logs look clean then I'm assuming this is a hardware issue...?
ChowYungPHAT Posted April 11, 2013 Author ID:667410
Or could this be related to my Anti-Virus?
Larusso Posted April 11, 2013 ID:667467
Yes, it can be Norton, but let me check a few things before we start to find the problem.

Download OTL to your Desktop.
Double click on the OTL icon to run it.
In the Extra Registry group check Use SafeList.
Make sure all other windows are closed to let it run uninterrupted.
Click on the Run Scan button.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please post both in your next reply.
Maurice Naggar Posted June 13, 2013 ID:690622
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!