Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows XP Windows XP
Search Search
Search for:
Tech Support Guy > > >

Solved: noproblemppc


(!)

jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
13-Sep-2012, 07:53 AM #1
Solved: noproblemppc
Recently started getting a window appearing every time I get on the internet asking to compare various services .It's from a company called noproblemppc. Anyone know how I can get rid of this?
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,617 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
13-Sep-2012, 12:44 PM #2
Like a pop up ad?


What browser are you using?
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 07:27 AM #3
Yes, a pop up. I am using Mozilla Firefox. I tried to attach a photo of it. Not sure if it worked.
Attached Thumbnails
Solved: noproblemppc-screenshot001.jpg  
DoubleHelix's Avatar
Account Disabled with 24,388 posts.
 
Join Date: Dec 2004
14-Sep-2012, 08:35 AM #4
Did you allow someone who called you to connect to your computer to "fix" problems they said your computer reportedly had?
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,699 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
14-Sep-2012, 09:01 AM #5
Your pop-up is probably associated with this site.

----------------------------------------------------------

Go here and click the green "Download latest version" link to download and save HiJackThis 2.0.4

After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and allow its main window to load.

Uncheck "Do not show this window when I start HiJackThis".

Click "Do a system scan and save a log file".

When the scan is finished in 30 - 60 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the ENTIRE log file here.

----------------------------------------------------------
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,617 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
14-Sep-2012, 10:42 AM #6
Please do this too:

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have, as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt


Save them both to your desktop and then proceed on to the next step.

Please download GMER from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the PC during the scan as it may cause it to freeze.

Please post the requested logs/reports, as follows:

Copy and paste the contents of the DDS.txt file.
Upload as an attachment the Attach.txt file.
Copy and paste the contents of the ark.txt file.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
Phantom010's Avatar
Phantom010 has a Photo Album
Computer Specs
Trusted Advisor with 32,317 posts.
 
Join Date: Mar 2009
Location: Cyberspace
Experience: Advanced
14-Sep-2012, 10:51 AM #7
Quote:
Originally Posted by flavallee View Post
Your pop-up is probably associated with this site.
Yeah, according to WOT, the site has a poor reputation.
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 12:37 PM #8
I'm going to answer your comments one at a time.

For Double Helix No one had access to work on my computer.

For all: When I use Internet Explorer, the popup does not appear.
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 12:40 PM #9
For Flavalee

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:14 AM, on 7/5/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.foxsports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKCU\..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
O4 - Global Startup: E Mail.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1276602761203
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

--
End of file - 4878 bytes
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,699 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
14-Sep-2012, 12:57 PM #10
Don't forget to submit the requested logs and information in post #6.

-------------------------------------------------------

Download and save and then install the free version of

Malwarebytes Anti-Malware 1.65.0.1400

SUPERAntiSpyware 5.5.0.1016

Make sure to update their definition files during the install process.

Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

Make sure to uncheck or decline to use the "Pro" or "Trial" version, if it's offered.

After they're installed and updated, restart the computer.

DON'T run any scans with them yet.

-------------------------------------------------------
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 01:10 PM #11
For Cheeseball81

When I went to GMER I got a message that said "GMER has found system Modification caused by rootkit activity"

I don't know what a CD Emulation program is so I don't know if I have one.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by Jack at 12:42:34 on 2012-09-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1400 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
uStart Page = hxxp://msn.foxsports.com/
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
uRun: [Cookienator] "c:\program files\cookienator\cookienator.exe" /auto
uRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\DrgToDsc.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\email~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - d:\createacard\FMRMD32.EXE
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345045081250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B966DE5D-DB48-498C-AD0E-BEAEFF1DD448} : DhcpNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\syste
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/|http://maps.google.com/|http://www.w...animation=true
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.6.dll
FF - plugin: c:\documents and settings\jack\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - f8b0668800000000000000167638ac6c
FF - user.js: extensions.funmoods_i.instlDay - 15457
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.168:52:55
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-23 40560]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-11-21 12184]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2012-6-12 53952]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2012-6-12 12992]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19024]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v040 0.exe [2010-3-18 753504]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-13 250568]
S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
S4 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-4-27 96768]
S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 133104]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 133104]
S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 114144]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
S4 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]
.
=============== Created Last 30 ================
.
2012-09-14 16:15:10 388096 ----a-r- c:\documents and settings\jack\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-09-14 11:37:28 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efb3e4d7-1f90-44ba-b864-5015ddb622da}\mpengine.dll
2012-09-14 10:06:27 7022536 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-04 23:48:18 -------- d-----w- c:\documents and settings\jack\local settings\application data\Thunderbird
2012-09-02 10:16:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 11:22:52 -------- d--h--w- c:\documents and settings\jack\YSI
2012-08-31 11:22:47 -------- d-----w- c:\documents and settings\jack\application data\YouSendIt
2012-08-31 11:19:55 -------- d-----w- c:\program files\YouSendIt Desktop App
.
==================== Find3M ====================
.
2012-09-02 10:22:53 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 10:22:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 10:15:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-02 10:15:40 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-02 10:15:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-27 02:14:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 12:44:19.40 ===============


ark. txt
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-14 13:01:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f WDC_WD800JD-75MSA1 rev.10.01E01
Running: gmer.exe; Driver: C:\DOCUME~1\Jack\LOCALS~1\Temp\pxtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Jack\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013F7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011C3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[716] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013F7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9E41CD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----
Attached Files
File Type: txt Attach.txt (11.4 KB, 82 views)
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 01:19 PM #12
For flavallee

I have both programs with the latest definition updates. If you want me to run them, should I do a quick or full scan?
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,699 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
14-Sep-2012, 01:20 PM #13
I suggest you go to Control Panel - Add Or Remove Programs, then uninstall/remove

CCleaner

Defraggler

EasyCleaner

MyDefrag

TweakUI


Registry cleaner/fixer/tweak/tuneup type programs are a good way to damage Windows and break programs and generate error/warning messages and wreak havoc with a computer.

-----------------------------------------------------
flavallee's Avatar
flavallee   (Frank) flavallee is offline flavallee is a Trusted Advisor with special permissions. flavallee has a Profile Picture
Computer Specs
Trusted Advisor with 57,699 posts.
 
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
14-Sep-2012, 01:23 PM #14
Quote:
Originally Posted by jdn View Post
For flavallee

I have both programs with the latest definition updates. If you want me to run them, should I do a quick or full scan?
A complete/full scan will take much longer to run than a quick scan, and it usually isn't needed.

DON'T run a quick scan with them until you've heard from Cheeseball81 to see what she wants you to do.

Once you're given the "all clear" to run a quick scan, make sure not to use the computer while each scan is in progress.

Once each quick scan is finished, make sure to select and remove EVERYTHING it found.

--------------------------------------------------------
jdn's Avatar
jdn   (Jack) jdn is offline
Computer Specs
Member with 161 posts.
THREAD STARTER
 
Join Date: Dec 2009
Experience: Intermediate
14-Sep-2012, 01:33 PM #15
I don't use the CCleaner program or any other program to clean the registry. I have only been using Deflagger for analysis purposes. Should I still remove them?
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑