
Need help with Windows XP and IE, Norton 360, etc.

Discussion in 'Virus & Other Malware Removal' started by KingBlood, Dec 14, 2012.

  1. KingBlood

    KingBlood Thread Starter

    Joined:
    Dec 14, 2012
    Messages:
    5
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:20:59 PM, on 12/14/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    O2 - BHO: (no name) - {2E1FE051-0501-492C-AC3D-7C72D62172B8} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.0.19\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.0.19\coIEPlg.dll
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\NSSstub.exe /runonce
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
    O4 - Startup: GameStop Now.lnk = C:\Program Files\Impulse\Now\GameStopNow.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1330731603812
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O18 - Filter hijack: text/html - {2afec806-edc5-4de5-8e7f-b122d70c5a3e} - (no file)
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTTP SSL (HTTPFilter32) - Unknown owner - C:\WINDOWS\system32\blackbox32.exe (file missing)
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    --
    End of file - 7433 bytes
     
  2. KingBlood

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
    Run by Owner at 22:27:39 on 2012-12-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1122 [GMT -5:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {2E1FE051-0501-492C-AC3D-7C72D62172B8} - <orphaned>
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.0.19\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.0.19\ips\IPSBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.0.19\CoIEPlg.dll
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [NSSInstallation] c:\documents and settings\owner.king-machine\my documents\downloads\NSSstub.exe /runonce
    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1330731603812
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{6E73FA65-CF0A-40CA-B3B1-204E2E9ECD04} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{CE3DACA0-F710-4780-99E0-6A4E7B459DB0} : DHCPNameServer = 192.168.0.1
    Filter: text/html - {2afec806-edc5-4de5-8e7f-b122d70c5a3e} - LocalServer32 - <no file>
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli scecli
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\SymDS.sys [2012-12-14 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\SymEFA.sys [2012-12-14 927904]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20121130.005\BHDrvx86.sys [2012-11-29 995488]
    R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccSetx86.sys [2012-12-14 134304]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\Ironx86.sys [2012-12-14 175264]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.0.19\ccSvcHst.exe [2012-12-14 143928]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-3-5 218688]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20121214.001\IDSXpx86.sys [2012-12-14 373728]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\virusdefs\20121214.008\NAVENG.SYS [2012-12-14 92704]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\virusdefs\20121214.008\NAVEX15.SYS [2012-12-14 1601184]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 HTTPFilter32;HTTP SSL ;c:\windows\system32\blackbox32.exe --> c:\windows\system32\blackbox32.exe [?]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.207\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-6-17 14336]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-3-15 10112]
    .
    =============== File Associations ===============
    .
    ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia extreme\digital theatre\uDigital Theatre.exe" "%1"
    ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2012-12-15 02:07:49 -------- d-----w- c:\program files\NortonInstaller
    2012-12-15 00:45:59 -------- d-----w- c:\documents and settings\owner.king-machine\application data\Malwarebytes
    2012-12-15 00:45:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-12-09 16:49:32 -------- d-----w- c:\documents and settings\owner.king-machine\application data\TuneUp Software
    2012-12-09 16:47:14 -------- d-----w- c:\program files\AVG
    2012-12-09 16:42:49 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
    2012-12-09 16:42:49 -------- d-----w- c:\documents and settings\owner.king-machine\local settings\application data\MFAData
    2012-12-09 16:42:49 -------- d-----w- c:\documents and settings\owner.king-machine\local settings\application data\Avg2013
    2012-12-09 16:42:49 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2012-12-09 09:22:19 -------- d-----w- c:\documents and settings\owner.king-machine\application data\DriverCure
    2012-12-09 09:22:18 -------- d-----w- c:\documents and settings\owner.king-machine\application data\SpeedyPC Software
    2012-12-09 09:21:53 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
    2012-12-09 05:15:40 -------- d-----w- c:\documents and settings\owner.king-machine\local settings\application data\FixItCenter
    2012-12-09 05:09:57 -------- d-----w- c:\windows\MATS
    2012-12-09 05:09:55 -------- d-----w- c:\program files\Microsoft Fix it Center
    2012-12-09 04:21:06 -------- d-----w- c:\program files\Microsoft
    2012-12-09 04:18:12 -------- dc-h--w- c:\windows\ie8
    2012-12-09 04:17:55 -------- d--h--w- c:\windows\msdownld.tmp
    2012-12-05 07:01:00 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2012-12-05 07:01:00 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
    2012-12-05 07:01:00 15112160 ----a-w- c:\program files\mozilla firefox\xul.dll
    .
    ==================== Find3M ====================
    .
    2012-12-15 02:08:59 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-12-14 01:25:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 01:25:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-09 01:00:02 586400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
    2012-10-04 01:40:35 927904 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymEFA.sys
    2012-10-04 01:40:20 368288 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymDS.sys
    2012-10-04 01:19:14 134304 ----a-r- c:\windows\system32\drivers\n360\1402000.013\ccSetx86.sys
    .
    ============= FINISH: 22:29:03.09 ===============
     
  3. KingBlood

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/27/2006 6:25:01 PM
    System Uptime: 12/14/2012 9:06:07 PM (1 hours ago)
    .
    Motherboard: To be filled by O.E.M. | | MS-7207
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | CPU 1 | 2210/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 228 GiB total, 19.498 GiB free.
    D: is FIXED (FAT32) - 5 GiB total, 3.399 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP245: 11/24/2012 11:15:56 AM - System Checkpoint
    RP246: 11/26/2012 12:26:53 AM - System Checkpoint
    RP247: 11/27/2012 8:17:55 PM - System Checkpoint
    RP248: 11/28/2012 8:49:36 PM - System Checkpoint
    RP249: 11/29/2012 11:25:38 PM - System Checkpoint
    RP250: 11/30/2012 11:38:27 PM - System Checkpoint
    RP251: 12/2/2012 12:27:15 AM - System Checkpoint
    RP252: 12/3/2012 12:51:00 AM - System Checkpoint
    RP253: 12/4/2012 1:13:41 AM - System Checkpoint
    RP254: 12/5/2012 1:32:54 AM - System Checkpoint
    RP255: 12/6/2012 2:19:24 AM - System Checkpoint
    RP256: 12/7/2012 3:10:41 AM - System Checkpoint
    RP257: 12/8/2012 3:35:31 AM - System Checkpoint
    RP258: 12/8/2012 6:40:24 PM - Installed Windows Internet Explorer 8.
    RP259: 12/8/2012 10:54:20 PM - Restore Operation
    RP260: 12/8/2012 11:19:33 PM - Installed Windows Internet Explorer 8.
    RP261: 12/8/2012 11:59:33 PM - Installed Windows XP KB942288-v3.
    RP262: 12/9/2012 11:47:13 AM - Installed AVG 2013
    RP263: 12/9/2012 11:48:03 AM - Installed AVG 2013
    RP264: 12/10/2012 9:42:40 PM - System Checkpoint
    RP265: 12/12/2012 12:08:57 AM - System Checkpoint
    RP266: 12/13/2012 12:36:28 AM - System Checkpoint
    RP267: 12/14/2012 1:28:54 AM - System Checkpoint
    RP268: 12/14/2012 8:08:49 PM - Removed AVG 2013
    RP269: 12/14/2012 8:10:29 PM - Removed AVG 2013
    .
    ==== Installed Programs ======================
    .
    AC3Filter 1.63b
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.5
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 5
    ArcSoft Software Suite
    ArcSoft TotalMedia Extreme
    Avi2Dvd 0.6.1
    Bejeweled 2 Deluxe
    BitTorrent
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Bonjour
    Chessmaster Challenge
    CoreAAC Audio Decoder (remove only)
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Lite
    Digital Media Reader
    Diner Dash
    DNA
    DVD Solution
    DVDFab 8.0.7.3 (29/01/2011)
    eMule
    ffdshow [rev 3299] [2010-03-03]
    Gateway Game Console
    Gateway Games
    GearDrvs
    Google Update Helper
    Guitar Pro 5.2
    Haali Media Splitter
    HandBrake 0.9.5
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImgBurn
    Impulse®
    InCD
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Automated Troubleshooting Services Shim
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Fix it Center
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multimedia Keyboard Driver
    Napster Burn Engine
    Nero 6 Ultra Edition
    Nero Media Player
    NeroVision Express 2
    Norton 360
    NVIDIA Drivers
    Penguins!
    Polar Bowler
    Polar Golfer
    Power2Go 4.0
    PowerDVD
    QuickTime
    Realtek High Definition Audio Driver
    Recovery Software Suite eMachines
    SCRABBLE
    Seagate Manager Installer
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Starcraft
    StoneLoops of Jurassica
    Tradewinds
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Installer for WildTangent Games App
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC80CRTRedist - 8.0.50727.6195
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Warcraft III: All Products
    WebFldrs XP
    WildTangent Games App (Gateway Games)
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows PowerShell(TM) 1.0
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2012 9:46:31 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    12/9/2012 9:44:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    12/9/2012 10:59:11 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    12/7/2012 7:55:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    12/14/2012 8:16:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccSet_N360 eeCtrl Fips IPSec Lbd MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
    12/13/2012 8:48:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix BHDrvx86 ccSet_N360 eeCtrl Fips IPSec Lbd MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SRTSP SRTSPX SymIRON SYMTDI Tcpip
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:48:20 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/13/2012 8:47:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/13/2012 8:47:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2012 8:41:11 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    12/13/2012 8:41:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd SRTSP
    12/13/2012 8:40:21 PM, error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    12/13/2012 8:40:21 PM, error: SRTSP [4] - Error loading virus definitions.
    12/12/2012 10:25:04 PM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
     
  4. KingBlood

    KingBlood Thread Starter

    Joined:
    Dec 14, 2012
    Messages:
    5
    While my last scan completes, I'll let you know the symptoms I'm experiencing. IE explorer icon is missing from my start menu. When I did try to open IE or when a program attempts to access it, IE will flash for a fraction of a second and close. Windows Update will not run. Norton 360 scan will not complete and typically freezes around the 3,000th file being scanned and will not progress, forcing me to force it closed with Task Manager. Firefox appears to be unaffected by my current problems.
     
  5. KingBlood

    KingBlood Thread Starter

    Joined:
    Dec 14, 2012
    Messages:
    5
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-12-15 02:30:04
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BB-00RDA0 rev.20.00K20
    Running: l6xtyeqj.exe; Driver: C:\DOCUME~1\OWNER~1.KIN\LOCALS~1\Temp\kgrcrpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 89A5A5E8 ZwAlertResumeThread
    SSDT 89193640 ZwAlertThread
    SSDT 89A1B988 ZwAllocateVirtualMemory
    SSDT 89224E10 ZwAssignProcessToJobObject
    SSDT 89C27EC0 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB0632ED0]
    SSDT 892E7FC0 ZwCreateMutant
    SSDT 892E7CA8 ZwCreateSymbolicLinkObject
    SSDT 89225C00 ZwCreateThread
    SSDT 891F8E10 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB0633150]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB0633810]
    SSDT 89C26968 ZwDuplicateObject
    SSDT 892EA608 ZwFreeVirtualMemory
    SSDT 892D90E8 ZwImpersonateAnonymousToken
    SSDT 89CDF7F0 ZwImpersonateThread
    SSDT 89ACEE50 ZwLoadDriver
    SSDT 892219D8 ZwMapViewOfSection
    SSDT 89223A00 ZwOpenEvent
    SSDT 8922A660 ZwOpenProcess
    SSDT 8A95A9C8 ZwOpenProcessToken
    SSDT 8922C298 ZwOpenSection
    SSDT 89A78520 ZwOpenThread
    SSDT 892E7D38 ZwProtectVirtualMemory
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwRenameKey [0xB0633D80]
    SSDT 891D8148 ZwResumeThread
    SSDT 89A7B220 ZwSetContextThread
    SSDT 892D7A08 ZwSetInformationProcess
    SSDT 8A99DA90 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB0633AA0]
    SSDT 891D9E10 ZwSuspendProcess
    SSDT 891FE8B0 ZwSuspendThread
    SSDT 89CB7828 ZwTerminateProcess
    SSDT 8A955C78 ZwTerminateThread
    SSDT 89AE6B00 ZwUnmapViewOfSection
    SSDT 8920F290 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C14 805044B0 8 Bytes CALL C0D9EA5A
    .text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 4 Bytes CALL FAD97379
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7F93360, 0x1FE48D, 0xE8000020]
    ? C:\DOCUME~1\OWNER~1.KIN\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003D0048
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 002B004C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01784470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 019D047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 019D0459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0178F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003D012A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 019D03DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003D02F0
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003D020C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003D0764
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003D0680
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003D04B8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 7 Bytes JMP 003D03D4
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003D059C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[820] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003D0848
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003A0048
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0038004C
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003A020E
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003A012A
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003A0682
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003A059E
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003A03D6
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003A02F2
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [56, 88, EB, F9] {PUSH ESI; MOV BL, CH; STC }
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003A04BA
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003A0766
    .text C:\Program Files\Seagate\SeagateManager\Backup\MaxBackServiceInt.exe[1500] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003A084A
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Documents and Settings\Owner.KING-MACHINE\My Documents\Downloads\l6xtyeqj.exe[1720] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00390048
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 0037004C
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 0039020E
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 0039012A
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 00390682
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 0039059E
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003903D6
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003902F2
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [55, 88, EB, F9] {PUSH EBP; MOV BL, CH; STC }
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003904BA
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 00390766
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[3068] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 0039084A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 01B80048
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 01A6004C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 01B8020E
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 01B8012A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 01B80682
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 01B8059E
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 01B803D6
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 01B802F2
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [D4, 89, EB, F9] {AAM 0x89; JMP 0xfffffffffffffffd}
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 01B804BA
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 01B80766
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 0085A8A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 01B8084A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3272] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 0085AED5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device InCDfs.SYS (InCD File System Driver/Ahead Software AG)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\[email protected] 2
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\[email protected] 7
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\[email protected] 4
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\[email protected] 4
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\[email protected] 4
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\[email protected] 7
    Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\[email protected] 256
    Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\[email protected]

    ---- EOF - GMER 1.0.15 ----
     
Short URL to this thread: https://techguy.org/1080980
