1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Iminent infection

Discussion in 'Virus & Other Malware Removal' started by Ditteaux, Feb 20, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 2
    RAM: 2038 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 98813 MB, Free - 57312 MB; D: Total - 14615 MB, Free - 1298 MB;
    Motherboard: Hewlett-Packard, 30A8
    Antivirus: AVG Anti-Virus Free Edition 2013, Updated: Yes, On-Demand Scanner: Enabled

    I've had this iminent infection for about six weeks. The computer is slowing down but no major problems yet. Except the post box and TSG keeps shutting down by itself. I have had to post SIX times to get everything up.------My first post says SIX replies but really I have NO REPLIES YET. There is more info after the scan logs.
     
  2. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Re: Iminent infection - I had to start over because the post box AND TSG closed by itself
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:35:18 PM, on 2/19/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: UnfriendApp - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [FreeCT] C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
    O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: S10 Autologin - C:\Program Files\S10 Password Vault\AutologinIE.htm
    O8 - Extra context menu item: S10 Autotype... - C:\Program Files\S10 Password Vault\AutotypeIE.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    O15 - Trusted Zone: http://www.hulu.com
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/56.11/uploader2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1360213034431
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Cron Service for Prey (CronService) - Fork Ltd. - C:\Prey\platform\windows\cronsvc.exe
    O23 - Service: Google Update Service (gupdate1c9b3e1d16862e4) (gupdate1c9b3e1d16862e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdd_device - Unknown owner - C:\WINDOWS\system32\lxddcoms.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

    --
    End of file - 12156 bytes
     
  3. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/29/2006 1:38:23 PM
    System Uptime: 2/19/2013 2:48:28 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30A8
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1828/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 96 GiB total, 56.058 GiB free.
    D: is FIXED (FAT32) - 14 GiB total, 1.268 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\15FB4084683F0200
    Manufacturer: Microsoft
    Name: 1394 Net Adapter #2
    PNP Device ID: V1394\NIC1394\15FB4084683F0200
    Service: NIC1394
    .
    Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1291: 2/1/2013 1:05:50 AM - System Checkpoint
    RP1292: 2/1/2013 2:10:31 AM - Installed NetWaiting
    RP1293: 2/1/2013 2:10:45 AM - Installed NetWaiting
    RP1294: 2/1/2013 2:11:10 AM - Installed NetWaiting
    RP1295: 2/2/2013 12:34:33 AM - Removed U3Launcher
    RP1296: 2/2/2013 5:20:02 PM - Installed Java(TM) 6 Update 39
    RP1297: 2/4/2013 12:17:11 PM - System Checkpoint
    RP1298: 2/5/2013 3:03:09 PM - System Checkpoint
    RP1299: 2/5/2013 8:18:31 PM - Restore Operation
    RP1300: 2/6/2013 11:30:34 PM - Restore Point before Corrupt Patch Registry keys
    RP1301: 2/6/2013 11:45:02 PM - December 10, 2012
    RP1302: 2/7/2013 12:03:19 AM - Software Distribution Service 3.0
    RP1303: 2/8/2013 7:04:08 AM - System Checkpoint
    RP1304: 2/10/2013 12:07:09 AM - System Checkpoint
    RP1305: 2/11/2013 12:48:41 AM - System Checkpoint
    RP1306: 2/11/2013 5:22:00 AM - Removed Apple Application Support
    RP1307: 2/11/2013 5:24:21 AM - Removed Apple Mobile Device Support
    RP1308: 2/11/2013 5:26:11 AM - Removed Bonjour
    RP1309: 2/11/2013 5:27:37 AM - Configured easy Internet sign-up
    RP1310: 2/11/2013 5:39:10 AM - Removed QuickTime
    RP1311: 2/11/2013 5:39:48 AM - Removed RAW FILE CONVERTER LE
    RP1312: 2/11/2013 5:40:22 AM - Removed Sonic Audio Module
    RP1313: 2/11/2013 5:40:43 AM - Removed Sonic Copy Module
    RP1314: 2/11/2013 5:41:29 AM - Removed Sonic Data Module
    RP1315: 2/11/2013 5:42:00 AM - Removed Sonic Express Labeler
    RP1316: 2/11/2013 5:42:38 AM - Removed Sonic Update Manager
    RP1317: 2/11/2013 5:42:52 AM - Removed SonicAC3Encoder
    RP1318: 2/11/2013 5:43:02 AM - Removed SonicMPEGEncoder
    RP1319: 2/11/2013 5:43:27 AM - Removed TourSetup
    RP1320: 2/11/2013 5:43:40 AM - Removed Windows 7 Upgrade Advisor
    RP1321: 2/11/2013 5:43:54 AM - Removed Windows 7 USB/DVD Download Tool
    RP1322: 2/11/2013 5:44:56 AM - Configured Customer Experience Enhancement
    RP1323: 2/11/2013 5:46:19 AM - Removed NetWaiting
    RP1324: 2/13/2013 2:43:52 AM - System Checkpoint
    RP1325: 2/13/2013 8:12:16 PM - Software Distribution Service 3.0
    RP1326: 2/15/2013 3:05:07 PM - System Checkpoint
    RP1327: 2/16/2013 4:33:37 PM - System Checkpoint
    RP1328: 2/18/2013 3:42:01 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    aioscnnr
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    C4USelfUpdater
    Camera Driver
    center
    Conexant HD Audio
    Document Express DjVu Plug-in
    DriverAgent by TouchStone Software
    essentials
    FinePixViewer Ver.4.2
    Free Countdown Timer 2.7.2
    FUJIFILM USB Driver
    getPlus(R)_ocx
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    HP Help and Support
    HP Product Detection
    HP Update
    HP User Guides--System Recovery
    HP User Guides 0019
    HP Wireless Assistant 2.00 E1
    HpSdpAppCoreApp
    InstallIQ Updater
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Internet Explorer (Enable DEP)
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 39
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Standard)
    Kodak AIO Printer
    KODAK AiO Software
    LightScribe 1.4.105.1
    Lizardtech DjVu Control (autoinstall)
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.0 Security Update (KB2742607)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft IntelliPoint 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam
    Microsoft Media Manager 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MicroStaff WINASPI
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    ocr
    Office 2003 Trial Assistant
    Picasa 3
    PreReq
    Samsung USB Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Segoe UI
    Shipping Assistant 3.6
    Skype Click to Call
    Skype™ 6.1
    SonicAC3Encoder
    SonicMPEGEncoder
    swMSM
    The Weather Channel App
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Vongo
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Messenger 5.1
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Wireless Home Network Setup
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/14/2013 2:39:57 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The specified driver is invalid.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The lxdd_device service failed to start due to the following error: The system cannot find the file specified.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    2/13/2013 7:35:07 PM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001302BE67A2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    2/13/2013 5:32:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    2/13/2013 4:28:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cron Service for Prey service to connect.
    2/13/2013 4:28:00 PM, error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    I had to start over again because TSG keeps closing. Here is the next log:
    GMER 2.1.18952 - http://www.gmer.net
    Rootkit scan 2013-02-20 13:14:53
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C 111.79GB
    Running: tn3bqupj.exe; Driver: C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\fgndrkog.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA4E1114A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA4E1121A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA4E10D7C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xA4E10F6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xA4E11000]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA4E10E32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA4E10ECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA4E1109C]

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 48, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 4B, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 48, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 49, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED62
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 4A, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 49, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 4A, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EDD3
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 48, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EF01
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 49, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 4A, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 4B, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[200] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 86, 00] {SUB AH, AL; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 86, 00] {SUB BH, AL; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 86, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 86, 00] {TEST AL, 0xc5; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915CDE
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 86, 00] {TEST AL, 0xc6; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 86, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 86, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915D4F
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 86, 00] {TEST AL, 0xc4; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915E7D
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 86, 00] {SUB CH, AL; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 86, 00] {SUB DH, AL; XCHG [EAX], AL}
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 86, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\WINDOWS\system32\SearchIndexer.exe[3124] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91DB8A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91DBFB
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DD29
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 05, 01]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[4556] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Devices - GMER 2.1 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Services - GMER 2.1 ----

    Service C:\WINDOWS\system32 (*** hidden *** ) [AUTO] MCSTRM <-- ROOTKIT !!!

    ---- EOF - GMER 2.1 ----
     
  5. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/29/2006 1:38:23 PM
    System Uptime: 2/19/2013 2:48:28 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30A8
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U1 | 1828/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 96 GiB total, 56.058 GiB free.
    D: is FIXED (FAT32) - 14 GiB total, 1.268 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\15FB4084683F0200
    Manufacturer: Microsoft
    Name: 1394 Net Adapter #2
    PNP Device ID: V1394\NIC1394\15FB4084683F0200
    Service: NIC1394
    .
    Class GUID: {4D36E970-E325-11CE-BFC1-08002BE10318}
    Description: Mass Storage Controller
    Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
    Manufacturer:
    Name: Mass Storage Controller
    PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_30A5103C&REV_00\4&2EC23395&0&32F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1291: 2/1/2013 1:05:50 AM - System Checkpoint
    RP1292: 2/1/2013 2:10:31 AM - Installed NetWaiting
    RP1293: 2/1/2013 2:10:45 AM - Installed NetWaiting
    RP1294: 2/1/2013 2:11:10 AM - Installed NetWaiting
    RP1295: 2/2/2013 12:34:33 AM - Removed U3Launcher
    RP1296: 2/2/2013 5:20:02 PM - Installed Java(TM) 6 Update 39
    RP1297: 2/4/2013 12:17:11 PM - System Checkpoint
    RP1298: 2/5/2013 3:03:09 PM - System Checkpoint
    RP1299: 2/5/2013 8:18:31 PM - Restore Operation
    RP1300: 2/6/2013 11:30:34 PM - Restore Point before Corrupt Patch Registry keys
    RP1301: 2/6/2013 11:45:02 PM - December 10, 2012
    RP1302: 2/7/2013 12:03:19 AM - Software Distribution Service 3.0
    RP1303: 2/8/2013 7:04:08 AM - System Checkpoint
    RP1304: 2/10/2013 12:07:09 AM - System Checkpoint
    RP1305: 2/11/2013 12:48:41 AM - System Checkpoint
    RP1306: 2/11/2013 5:22:00 AM - Removed Apple Application Support
    RP1307: 2/11/2013 5:24:21 AM - Removed Apple Mobile Device Support
    RP1308: 2/11/2013 5:26:11 AM - Removed Bonjour
    RP1309: 2/11/2013 5:27:37 AM - Configured easy Internet sign-up
    RP1310: 2/11/2013 5:39:10 AM - Removed QuickTime
    RP1311: 2/11/2013 5:39:48 AM - Removed RAW FILE CONVERTER LE
    RP1312: 2/11/2013 5:40:22 AM - Removed Sonic Audio Module
    RP1313: 2/11/2013 5:40:43 AM - Removed Sonic Copy Module
    RP1314: 2/11/2013 5:41:29 AM - Removed Sonic Data Module
    RP1315: 2/11/2013 5:42:00 AM - Removed Sonic Express Labeler
    RP1316: 2/11/2013 5:42:38 AM - Removed Sonic Update Manager
    RP1317: 2/11/2013 5:42:52 AM - Removed SonicAC3Encoder
    RP1318: 2/11/2013 5:43:02 AM - Removed SonicMPEGEncoder
    RP1319: 2/11/2013 5:43:27 AM - Removed TourSetup
    RP1320: 2/11/2013 5:43:40 AM - Removed Windows 7 Upgrade Advisor
    RP1321: 2/11/2013 5:43:54 AM - Removed Windows 7 USB/DVD Download Tool
    RP1322: 2/11/2013 5:44:56 AM - Configured Customer Experience Enhancement
    RP1323: 2/11/2013 5:46:19 AM - Removed NetWaiting
    RP1324: 2/13/2013 2:43:52 AM - System Checkpoint
    RP1325: 2/13/2013 8:12:16 PM - Software Distribution Service 3.0
    RP1326: 2/15/2013 3:05:07 PM - System Checkpoint
    RP1327: 2/16/2013 4:33:37 PM - System Checkpoint
    RP1328: 2/18/2013 3:42:01 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.5)
    aioscnnr
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    C4USelfUpdater
    Camera Driver
    center
    Conexant HD Audio
    Document Express DjVu Plug-in
    DriverAgent by TouchStone Software
    essentials
    FinePixViewer Ver.4.2
    Free Countdown Timer 2.7.2
    FUJIFILM USB Driver
    getPlus(R)_ocx
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Update Helper
    Google Updater
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB932716-v2)
    HP Help and Support
    HP Product Detection
    HP Update
    HP User Guides--System Recovery
    HP User Guides 0019
    HP Wireless Assistant 2.00 E1
    HpSdpAppCoreApp
    InstallIQ Updater
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Internet Explorer (Enable DEP)
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 39
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Standard)
    Kodak AIO Printer
    KODAK AiO Software
    LightScribe 1.4.105.1
    Lizardtech DjVu Control (autoinstall)
    Macromedia Flash Player 8
    Microsoft .NET Framework 1.0 Security Update (KB2698035)
    Microsoft .NET Framework 1.0 Security Update (KB2742607)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft IntelliPoint 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft LifeCam
    Microsoft Media Manager 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MicroStaff WINASPI
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    ocr
    Office 2003 Trial Assistant
    Picasa 3
    PreReq
    Samsung USB Driver
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Segoe UI
    Shipping Assistant 3.6
    Skype Click to Call
    Skype&#8482; 6.1
    SonicAC3Encoder
    SonicMPEGEncoder
    swMSM
    The Weather Channel App
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Vongo
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Messenger 5.1
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Wireless Home Network Setup
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/14/2013 2:39:57 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The specified driver is invalid.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The lxdd_device service failed to start due to the following error: The system cannot find the file specified.
    2/14/2013 2:39:57 AM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    2/13/2013 7:35:07 PM, error: Dhcp [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 001302BE67A2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    2/13/2013 5:32:47 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    2/13/2013 4:28:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cron Service for Prey service to connect.
    2/13/2013 4:28:00 PM, error: Service Control Manager [7000] - The Cron Service for Prey service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  6. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Hello, Ditteaux here, The problem is that I type a couple paragraphs in the post box and TSG goes offline by itself. I have started over several times then posted in short bursts - one scan log at a time. So sorry for the inconvenience. I don't know how else to do it. Computer has been slowing down some - but no major problems till right now. I guess the iminent infection explains the problem. Please let me know what I can do. Thanks in advance. D
     
  7. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Hello, Ditteaux again, I have been to device mgr, I have deleted many old programs and many old files, disabled unnecessary extensions. System restore will not go back beyond Feb 1 2013, so no help there. I purchased this computer nearly 5 years ago and had no serious problems I couldn't solve till now. Please let me know if there is anything I can do to help. Thanks in advance Bob
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,285
    You posted the attach.txt log from DDD twice. Please post the dds.txt log.

    Also, please do the following:

    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  9. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Valued Customer at 15:46:36 on 2013-02-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1128 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRAM FILES\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FreeCountdownTimer\FreeCountdownTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valued Customer\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
    TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [CAF6E3C2F867DCCF97853FB147A61702DEF3FBF5._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
    uRun: [GoogleChromeAutoLaunch_F97F917601DA14FA4DC7EC4D82679289] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [FreeCT] c:\program files\freecountdowntimer\FreeCountdownTimer.exe -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
    uRun: [Google Update] "c:\documents and settings\valued customer\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_5_502_149_ActiveX.exe -update activex
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [EKStatusMonitor] c:\program files\kodak\aio\statusmonitor\EKStatusMonitor.exe
    mRun: [Conime] c:\windows\system32\conime.exe
    dRunOnce: [KodakHomeCenter] "c:\program files\kodak\aio\center\AiOHomeCenter.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: S10 Autologin - c:\program files\s10 password vault\AutologinIE.htm
    IE: S10 Autotype... - c:\program files\s10 password vault\AutotypeIE.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/56.11/uploader2.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360213034431
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    TCP: Interfaces\{03D87BB8-5C6E-4171-A518-8F4560DF8011} : DHCPNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    TCP: Interfaces\{0A63B704-721E-4354-B504-245812ECA024} : DHCPNameServer = 192.168.2.1 74.128.17.114 74.128.19.102
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 177376]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 164832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-1-27 54760]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2012-10-19 395200]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\kodak\aio\statusmonitor\EKPrinterSDK.exe [2012-10-15 779200]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-19 47640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
    R2 MMIndexer;Media Manager Indexer;c:\program files\common files\microsoft shared\media manager\AIRSVCU.EXE [1997-7-14 136704]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    S2 gupdate1c9b3e1d16862e4;Google Update Service (gupdate1c9b3e1d16862e4);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-24 30576]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-21 13024]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-02-19 01:27:26 29 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
    2013-02-08 11:44:07 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-08 11:44:04 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-26 03:55:44 552448 ------w- c:\windows\system32\oleaut32.dll
    2013-01-15 21:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-15 21:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-15 20:14:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-01-07 01:19:45 2148864 ------w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ------w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-30 08:37:55 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 15:52:05.06 ===============
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,285
    Please download AdwCleaner from here to your desktop

    Run AdwCleaner and select "Search" (do not select "Delete" at this time)

    Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.
     
  11. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Hi, I ran the MGA Diag.exe and copied to clipboard but clpbrd does not offer e SHARE option
     
  12. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    # AdwCleaner v2.112 - Logfile created 02/22/2013 at 13:07:10
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Valued Customer - YOUR-252739F5C3
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Valued Customer\My Documents\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\user.js
    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Found : C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\BabylonToolbar
    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Valued Customer\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Valued Customer\Application Data\PriceGong
    Folder Found : C:\Documents and Settings\Valued Customer\Application Data\Toolbar4
    Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Babylon
    Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Conduit
    Folder Found : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Ilivid Player
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\FunWebProducts

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Freecause
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
    Key Found : HKCU\Software\PriceGong
    Key Found : HKCU\Software\SmartBar
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2391419
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\FunWebProducts
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{7ABD4437-12A5-4644-A954-F83B3FBE7FBF}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\Valued Customer\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.15] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
    Found [l.19] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94", "hxxp://www.google.com/ig" ]
    Found [l.1925] : homepage = "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94",
    Found [l.2882] : urls_to_restore_on_startup = [ "hxxp://search.iminent.com/?appId=2571A026-974E-43FE-B782-62D50C69CF94", "hxxp://www.google.com/ig" ]

    *************************

    AdwCleaner[R1].txt - [10969 octets] - [22/02/2013 13:07:10]

    ########## EOF - C:\AdwCleaner[R1].txt - [11030 octets] ##########
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,285
    When the MGA Diagnostic report is copied to the clipboard you just need to open a reply here and paste it in. If you can't do that then save it to a Notepad file and then open that and copy and paste the log here.
     
  14. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-9TCCK-JPCBM-B2FQ8
    Windows Product Key Hash: B/IohRcCzV6LJrex8WpCdnxgTvg=
    Windows Product ID: 76487-OEM-2211906-00803
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.med
    ID: {91A75204-7D2A-44A6-AAC7-DF71819F56CD}(3)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.7.69.2
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{91A75204-7D2A-44A6-AAC7-DF71819F56CD}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B2FQ8</PKey><PID>76487-OEM-2211906-00803</PID><PIDType>2</PIDType><SID>S-1-5-21-122302908-1542226243-4210850061</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Pavilion dv5000 (EZ406UA#ABA) </Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.23</Version><SMBIOSVersion major="2" minor="4"/><Date>20070413000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>14003207018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>HP</name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 3828:Compaq Computer Corporation|1357B:Compaq Computer Corporation|1357B:Compaq Computer Corporation|3828:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

    OEM Activation 2.0 Data-->
    N/A
     
  15. Ditteaux

    Ditteaux Thread Starter

    Joined:
    Feb 6, 2013
    Messages:
    57
    Hi, Great tip. I saved MGD diag log as a notepad file then - easy to copy and paste Thanx Cookiegal. Hey, I just read an Adobe Company release about a security patch coming out v.soon to plug a hole in clipboard. Just saying... Bob
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Iminent infection
  1. Scudstorm
    Replies:
    13
    Views:
    626
  2. Coach_Z
    Replies:
    16
    Views:
    1,787
  3. alaf
    Replies:
    1
    Views:
    603
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1090335

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice