
Computer Freezing at Random times.

Discussion in 'Virus & Other Malware Removal' started by Aelyte, Jan 12, 2013.

Thread Status:
Not open for further replies.
  1. Aelyte

    Aelyte Thread Starter

    Joined:
    Jan 12, 2013
    Messages:
    5
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:10:48 PM, on 1/12/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\CHIP\jagexcache\jagexlauncher\bin\JagexLauncher.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Users\CHIP\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.glarysoft.com/?src=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.glarysoft.com/?src=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.glarysoft.com/?src=iehome
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://isearch.glarysoft.com/?q=%s&src=iesearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: (no name) - {97ab88ef-346b-4179-a0b1-7445896547a5} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] c:\program files\windows media player\wmpnscfg.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
    O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O17 - HKLM\System\CCS\Services\Tcpip\..\{743B7FFA-CD2B-4414-9CF5-7F192ED2F6F9}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F361DC4-4D49-45A2-BA5E-4EA56DA6916A}: NameServer = 208.67.222.222,208.67.220.220
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: MBAMService - Unknown owner - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 4427 bytes
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
    Run by CHIP at 21:02:05 on 2013-01-12
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2494.1358 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Hotspot Shield\bin\hsswd.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
    C:\Program Files\Trend Micro\TTi_HE_Download_32bit\Setup.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\iashost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\CHIP\jagexcache\jagexlauncher\bin\JagexLauncher.exe
    C:\Program Files\Trend Micro\TTi_HE_Download_32bit\Vizor32\VizorHtmlDialog.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\MsiExec.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mStart Page = hxxp://isearch.glarysoft.com/?src=iehome
    mSearch Page = hxxp://isearch.glarysoft.com/?src=iesearch
    mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
    mDefault_Search_URL = hxxp://isearch.glarysoft.com/?src=iesearch
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
    uRun: [WMPNSCFG] c:\program files\windows media player\wmpnscfg.exe
    uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    TCP: NameServer = 24.159.64.23 24.217.201.67 66.189.0.100
    TCP: Interfaces\{27212006-E50B-4ABE-8BE7-C0D942DA8DCE} : DHCPNameServer = 10.11.0.1
    TCP: Interfaces\{743B7FFA-CD2B-4414-9CF5-7F192ED2F6F9} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{743B7FFA-CD2B-4414-9CF5-7F192ED2F6F9} : DHCPNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
    TCP: Interfaces\{9F361DC4-4D49-45A2-BA5E-4EA56DA6916A} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{E665A3DB-39D3-4C52-A950-12D945A54A22} : DHCPNameServer = 8.8.8.8
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chip\application data\mozilla\firefox\profiles\jmmnp49t.default\
    FF - prefs.js: browser.startup.homepage - Google.com
    FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\np_Asc_plugin.dll
    FF - plugin: c:\program files\iobit\advanced systemcare 6\browerprotect\NPASCSafariPluginProtect.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\chip\application data\mozilla\plugins\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2013-01-08 22:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\chip\application data\mozilla\firefox\profiles\jmmnp49t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-01-08 23:00; [email protected]; c:\users\chip\application data\mozilla\firefox\profiles\jmmnp49t.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-08 23:08; [email protected]; c:\users\chip\application data\mozilla\firefox\profiles\jmmnp49t.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-10 18:41; [email protected]; c:\users\chip\application data\mozilla\firefox\profiles\jmmnp49t.default\extensions\[email protected]
    FF - ExtSQL: 2013-01-11 21:57; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    FF - ExtSQL: 2013-01-12 16:43; [email protected]; c:\program files\mozilla firefox\extensions\[email protected]
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: nglayout.initialpaint.delay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-1-10 36040]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2012-8-2 24408]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [2012-6-8 43608]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [2012-8-13 144344]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-1-10 464256]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-1-10 533288]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-1-10 389928]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [2012-5-25 25944]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2012-7-25 25944]
    R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-1-10 37064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 MBAMService;MBAMService;"c:\program files\malwarebytes' anti-malware\mbamservice.exe" --> c:\program files\malwarebytes' anti-malware\mbamservice.exe [?]
    S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-20 987648]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-20 251904]
    S4 MBAMScheduler;MBAMScheduler;"c:\program files\malwarebytes' anti-malware\mbamscheduler.exe" --> c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [?]
    .
    =============== Created Last 30 ================
    .
    2013-01-13 01:50:58 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{139371ea-43c9-4214-a3fc-bce93c2c3e38}\offreg.dll
    2013-01-13 01:46:49 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{139371ea-43c9-4214-a3fc-bce93c2c3e38}\mpengine.dll
    2013-01-13 01:18:48 1356 -c--a-w- c:\users\chip\appdata\local\d3d9caps.tmp
    2013-01-13 00:35:41 -------- dc----w- c:\program files\Trend Micro
    2013-01-12 21:43:31 -------- dc----w- c:\programdata\Hotspot Shield
    2013-01-12 21:43:24 -------- dc----w- c:\program files\Hotspot Shield
    2013-01-12 02:57:50 -------- dc----w- c:\program files\Sun
    2013-01-11 01:39:29 26624 -c--a-w- c:\windows\system32\drivers\tap0901.sys
    2013-01-11 01:27:53 56424 -c--a-w- c:\windows\system32\PrxerNsp.dll
    2013-01-11 01:27:53 11264 -c--a-w- c:\windows\system32\SPORDER.DLL
    2013-01-11 01:27:52 70248 -c--a-w- c:\windows\system32\PrxerDrv.dll
    2013-01-11 00:54:18 -------- dc----w- c:\program files\CyberGhost VPN
    2013-01-10 23:27:32 -------- dc----w- c:\program files\IObit
    2013-01-10 19:41:34 37064 -c--a-w- c:\windows\system32\drivers\taphss6.sys
    2013-01-10 19:27:44 36040 -c--a-w- c:\windows\system32\drivers\hssdrv6.sys
    2013-01-09 23:55:37 9842040 -c--a-w- c:\program files\common files\wruninstall.exe
    2013-01-09 23:55:02 -------- dc----w- c:\users\chip\appdata\local\lptmp1697116487
    2013-01-09 03:56:30 -------- dc----w- c:\program files\Mozilla Maintenance Service
    2013-01-08 22:18:35 2048000 -c--a-w- c:\windows\system32\win32k.sys
    2013-01-08 22:17:27 204288 -c--a-w- c:\windows\system32\ncrypt.dll
    2013-01-08 22:17:22 1400832 -c--a-w- c:\windows\system32\msxml6.dll
    2013-01-08 04:00:11 -------- dc----w- c:\windows\ERUNT
    2013-01-08 03:59:48 -------- dc----w- C:\JRT
    2013-01-06 20:07:08 -------- dc----w- C:\cache614
    2013-01-05 20:47:10 -------- dc----w- c:\programdata\AVAST Software
    2013-01-05 20:47:10 -------- dc----w- c:\program files\AVAST Software
    2013-01-05 18:32:14 -------- dc----w- c:\windows\CheckSur
    2013-01-05 15:30:49 -------- dc----w- c:\users\chip\.projrs06
    2013-01-05 04:18:14 -------- dc----w- c:\program files\CCleaner
    2013-01-05 04:07:00 -------- dc----w- C:\.jagex_cache_32
    2013-01-01 20:05:19 -------- dc----w- c:\users\chip\appdata\local\Microsoft Corporation
    2012-12-31 04:35:36 -------- dc----w- C:\NVIDIA
    2012-12-31 04:11:12 -------- dc----w- c:\programdata\Spybot - Search & Destroy
    2012-12-30 22:25:51 -------- dc----w- c:\users\chip\jagexcache1
    2012-12-30 06:08:07 -------- dc----w- c:\users\chip\jagexcache
    2012-12-29 17:09:37 -------- dc----w- c:\program files\common files\Windows Live
    2012-12-26 23:40:48 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-25 15:29:57 -------- dc----w- C:\Ace of Spades
    2012-12-25 03:55:09 -------- dcsh--w- C:\$RECYCLE.BIN
    2012-12-23 21:21:09 205984 -c--a-w- c:\programdata\microsoft\vbexpress\10.0\1033\ResourceCache.dll
    2012-12-23 21:16:30 -------- dc----w- c:\windows\PCHEALTH
    2012-12-23 19:44:09 -------- dc----w- c:\program files\VS Revo Group
    2012-12-21 13:57:29 34304 -c--a-w- c:\windows\system32\atmlib.dll
    2012-12-21 13:57:29 293376 -c--a-w- c:\windows\system32\atmfd.dll
    2012-12-21 01:21:17 315392 -c--a-w- c:\windows\system32\SmoothPingProxy.dll
    2012-12-20 18:25:18 -------- dc----w- c:\programdata\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
    2012-12-15 17:41:54 9728 -c--a-w- c:\windows\system32\ftlx041e.dll
    2012-12-15 17:41:54 9216 -c--a-w- c:\windows\system32\ftlx0411.dll
    2012-12-15 17:41:54 296960 -c--a-w- c:\windows\winhlp32.exe
    2012-12-15 17:41:54 194560 -c--a-w- c:\windows\system32\ftsrch.dll
    .
    ==================== Find3M ====================
    .
    2013-01-08 01:41:24 859072 -c--a-w- c:\windows\system32\npDeployJava1.dll
    2013-01-08 01:41:22 779704 -c--a-w- c:\windows\system32\deployJava1.dll
    2013-01-02 22:57:04 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-02 22:57:04 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-06 18:58:02 43608 -c--a-w- c:\windows\system32\drivers\kltdi.sys
    2012-12-06 18:58:02 25944 -c--a-w- c:\windows\system32\drivers\klmouflt.sys
    2012-12-06 18:58:01 25944 -c--a-w- c:\windows\system32\drivers\klkbdflt.sys
    2012-12-03 23:54:45 216357 -c--a-w- c:\programdata\1354578791.bdinstall.bin
    2012-12-03 23:50:53 518476 -c--a-w- c:\programdata\1354578322.bdinstall.bin
    2012-12-03 23:42:33 81984 -c--a-w- c:\windows\system32\bdod.bin
    2012-12-01 21:50:16 229792 -c--a-w- c:\programdata\1354398599.bdinstall.bin
    2012-12-01 21:46:47 54980 -c--a-w- c:\programdata\1354398363.bdinstall.bin
    2012-12-01 21:44:27 221123 -c--a-w- c:\programdata\1354398140.bdinstall.bin
    2012-11-30 10:45:49 203976 -c--a-w- c:\windows\system32\RICHTX32.OCX
    2012-11-30 10:45:49 1645320 -c--a-w- c:\windows\system32\gdiplus.dll
    2012-11-30 10:45:49 152848 -c--a-w- c:\windows\system32\comdlg32.ocx
    2012-11-30 10:45:49 117507 -c--a-w- c:\windows\system32\msinet.ocx
    2012-11-30 10:45:49 109248 -c--a-w- c:\windows\system32\MSWINSCK.OCX
    2012-11-14 02:53:08 2106216 -c--a-w- c:\windows\system32\D3DCompiler_43.dll
    2012-11-14 02:53:08 1998168 -c--a-w- c:\windows\system32\D3DX9_43.dll
    2012-11-14 02:53:00 470880 -c--a-w- c:\windows\system32\d3dx10_43.dll
    2012-11-14 02:53:00 248672 -c--a-w- c:\windows\system32\d3dx11_43.dll
    2012-11-13 01:29:51 2048 -c--a-w- c:\windows\system32\tzres.dll
    2012-11-02 10:18:17 376320 -c--a-w- c:\windows\system32\dpnet.dll
    2012-11-02 08:26:06 23040 -c--a-w- c:\windows\system32\dpnsvr.exe
    .
    ============= FINISH: 21:03:16.64 ===============


    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 128 GiB total, 89.428 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================

    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Advanced SystemCare 6
    CCleaner
    CleanMem
    Gyazo 1.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotspot Shield 2.83
    Internet Explorer (Enable DEP)
    Java Auto Updater
    Java DB 10.6.2.1
    Java(TM) 6 Update 38
    Java(TM) SE Development Kit 6 Update 38
    K-Lite Codec Pack 5.0.0 (Full)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Control Panel 306.97
    NVIDIA Drivers
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-12 21:12:47
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000056 ST320082 rev.3.AH 186.31GB
    Running: Gmer.exe; Driver: C:\Users\CHIP\AppData\Local\Temp\kxldqpoc.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9570B208]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x956BEFB8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x956BF300]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x956BF746]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x956A791E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x956BEC92]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x956A7E96]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x956A7D7C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x956BF164]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9570E072]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x956A7FB6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9570D50A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x956BF232]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9570D054]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x956A7962]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x9570B34A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x9570AFB2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x9570DE6C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x956BD422]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x956A7F2C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x956A7E0C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9570CBFC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x9570E31E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x956A804C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9570D266]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x956A80D6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x956BD630]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x9570DD20]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x956BF52A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x956BF3B8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePortEx [0x956BF46E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x956BF59A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x9570DA4C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x956BEE20]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9570DBA8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x956A8178]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x9570B0BC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x9570CD9C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x9570D8F4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x956A818A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9570CEFC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9570D406]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x9570E486]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9570E1B0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9570D74A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x9570D1AE]

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!KeSetEvent + 119 828F27DC 4 Bytes [08, B2, 70, 95]
    .text ntkrnlpa.exe!KeSetEvent + 13D 828F2800 8 Bytes [B8, EF, 6B, 95, 00, F3, 6B, ...]
    .text ntkrnlpa.exe!KeSetEvent + 181 828F2844 4 Bytes [46, F7, 6B, 95] {INC ESI; IMUL DWORD [EBX-0x6b]}
    .text ntkrnlpa.exe!KeSetEvent + 1A9 828F286C 4 Bytes [1E, 79, 6A, 95] {PUSH DS; JNS 0x6d; XCHG EBP, EAX}
    .text ntkrnlpa.exe!KeSetEvent + 1C1 828F2884 4 Bytes [92, EC, 6B, 95]
    .text ...
    PAGE [email protected]@3PADA + 1ABF 8216603F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
    PAGE [email protected]@3PADA + 1B2F 821660AF 1 Byte [16]
    PAGE [email protected]@3PADA + 1B2F 821660AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
    PAGE [email protected]@3PADA + 1BB0 82166130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE [email protected]@3PADA + 1BB7 82166137 2298 Bytes [83, 78, 18, 37, 75, 02, B3, ...]
    PAGE ...
    ? C:\Users\CHIP\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe[2164] kernel32.dll!CreateThread + 1A 75F9CB28 4 Bytes CALL 5983DB6D C:\Program Files\IObit\Advanced SystemCare 6\madExcept_.bpl
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] ntdll.dll!LdrLoadDll 773E9378 5 Bytes JMP 6386ED80 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] kernel32.dll!HeapSetInformation + 26 75F7A8B0 3 Bytes JMP 638853B7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] kernel32.dll!HeapSetInformation + 2A 75F7A8B4 3 Bytes [ED, EB, F9] {IN EAX, DX; JMP 0xfffffffc}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] kernel32.dll!LockResource + C 75F96ACB 7 Bytes JMP 63BB54E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] kernel32.dll!VirtualAllocEx + 54 75F9AF50 7 Bytes JMP 63BB5505 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3852] GDI32.dll!SetStretchBltMode + 256 75D0745C 7 Bytes JMP 63BB5463 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\[email protected] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0a063334
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\[email protected]:catalog:LastCatalogCrawlId 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\[email protected]:catalog:LastCatalogCrawlModified 111
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\6
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl6.gthr
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0x88 0x01 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 0
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\[email protected] 3
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 6
    Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\[email protected] 0

    ---- EOF - GMER 2.0 ----
     