plz evaluate hijack this log - postvirus


Lypka109

Thread Starter
Joined
Apr 10, 2005
Messages
40
Hi, recently I had a virus (MoneyPak) and I thought I got rid of all traces of it, but my computer is acting slow ever since I got rid of it. Can someone please evaluate my HijackThis log and tell me what I need to get rid of? It looks like there's a lot of junk in there... thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:51:21 PM, on 1/4/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
S:\Steam\Steam.exe
C:\Program Files\Ventrilo\32 bit\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
S:\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
S:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>??????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>?????n††??;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<lo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AVG Rewards - {EE8BD456-055B-40ce-8A17-9B7D4600264D} - C:\Program Files\AVG Rewards\AVGRewards.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: AVG Rewards - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - C:\Program Files\AVG Rewards\AVGRewards.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: RPM Poker - {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\all\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} (Session2 Class) - http://dl.pmang.com/common/pmangctl/pmangax.cab
O16 - DPF: {D915AE88-270D-479D-8AC1-B3CDD62DBCBF} (CsWebGameController Class) - http://www.cosmicbreak.com/start/cswebgamelauncher.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - s:\Program Files\Hi-Rez Studios\HiPatchService.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Who helped you get rid of the virus?
There are loads of junk & malware left showing in that log.

Before we can think of doing anything, we need to see all the logs requested in the sticky at the top of the page, to know exactly what we are dealing with.

Follow the advice here and post the logs those programs make.
 

Lypka109

Thread Starter
Joined
Apr 10, 2005
Messages
40
OK, I downloaded all that and here it is:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.4
Akamai NetSession Interface
Akamai NetSession Interface Service
AmericasCardroom
Apple Software Update
AVG 2013
AVG Rewards
Bandisoft MPEG-1 Decoder
Battlefield 3™
Battlelog Web Plugins
Bloodline Champions Beta
Brother MFL-Pro Suite MFC-465CN
Browser Guard 4.0
Cake Poker 2.0
CCleaner
Click to Call with Skype
CPUID CPU-Z 1.55
Deus Ex
DH Driver Cleaner Professional Edition
Diablo II
Diablo III
Dishonored
DragonNest
ESET Online Scanner v3
ESN Sonar
EVGA Precision 2.1.2
Far Cry 3
Fraps (remove only)
Ghost Recon Online (NCSA-Live)
Google Chrome
Google Update Helper
Hardware Helper
Hi-Rez Studios Authenticate and Update Service
HiJackThis
HijackThis 1.99.1
Hitman Absolution
Holdem Manager
Holdem Manager 2
IHA_MessageCenter
Internet Explorer Toolbar 4.6 by SweetPacks
Java Auto Updater
Java(TM) 6 Update 20
League of Legends
Lock Poker
Magic Workstation 0.94f
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
MicroVolts
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTG Card Images for Magic Workstation
MTG GamePack for Magic Workstation
Natural Selection 2
Nexon Game Manager
Nightmare House Final
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Display Control Panel
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenOffice.org 3.2
Origin
Pando Media Booster
PC Tools Spyware Doctor 9.1
PeerBlock 1.0.0 (r181)
Pidgin
PokerStars
PokerStars.net
PokerTracker 3 (remove only)
PostgreSQL 8.4
Pristontale 3133
PunkBuster Services
Quake Live Internet Explorer Plugin
Quake Live Mozilla Plugin
QuickTime
Recover My Files
RPM Poker
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Silent Storm
Skype™ 6.0
Sleeping Dogs
Smite Closed Beta
Steam
STOPzilla
TeamSpeak 3 Client
TeamViewer 8
Tomb Raider: Underworld 1.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Uplay
Vegas Pro 9.0
VH Toolkit 1.0.44.0
VirtualDJ Home FREE
VLC media player 2.0.0
Vz In Home Agent
Winamp
Winamp Detector Plug-in
Winamp Toolbar
WinASO Registry Optimizer 4.8.0
Windows Live ID Sign-in Assistant
WinRAR archiver
Workspace Macro Pro 6.0
Yontoo 1.10.03
.
==== End Of File ===========================





DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by all at 19:03:30 on 2013-01-10
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\STOPzilla!\SZServer.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
S:\AVG\AVG2013\avgidsagent.exe
S:\AVG\AVG2013\avgwdsvc.exe
s:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
S:\AVG\AVG2013\avgui.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
S:\Steam\Steam.exe
S:\AVG\AVG2013\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
S:\TeamSpeak 3 Client\ts3client_win32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
S:\AVG\AVG2013\avgmfapx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: AVG Rewards: {EE8BD456-055B-40ce-8A17-9B7D4600264D} - c:\program files\avg rewards\AVGRewards.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [CPN Notifier] c:\program files\lock poker\PokerNotifier.exe
mRun: [AVG_UI] "s:\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - {6938E15C-5598-4df8-8BF0-D9FA23D4A3CB} - c:\program files\avg rewards\AVGRewards.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} - hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D915AE88-270D-479D-8AC1-B3CDD62DBCBF} - hxxp://www.cosmicbreak.com/start/cswebgamelauncher.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AC85AE65-A470-45EF-BA73-9ABBA12F7094} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - LocalServer32 - <no file>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: c:\program files\battlelog web plugins\1.118.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\1.138.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\all\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\npPMangFX.dll
FF - plugin: c:\windows\system32\nppmuspec.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - ExtSQL: 2012-12-31 13:12; {83aace32-eca0-4c3a-b4d6-9ad594496b48}; c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\extensions\{83aace32-eca0-4c3a-b4d6-9ad594496b48}
FF - ExtSQL: 2013-01-02 18:51; [email protected]; c:\users\all\appdata\roaming\mozilla\firefox\profiles\c5aijy8y.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 3ceb3dea-8d0e-4ea9-8fc4-a0f187ab80d9
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-01-09 02:59:04 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 02:59:01 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 02:58:50 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 02:58:39 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 02:58:39 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 03:12:43 -------- d-----w- c:\program files\MSXML 4.0
2013-01-06 23:23:09 77816 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2013-01-06 23:22:45 -------- d-----w- c:\program files\STOPzilla!
2013-01-06 22:57:44 -------- d-----w- c:\users\all\appdata\roaming\AVG2013
2013-01-06 22:57:02 -------- d-----w- c:\users\all\appdata\roaming\TuneUp Software
2013-01-06 22:56:34 -------- d-----w- c:\programdata\AVG2013
2013-01-06 22:30:26 -------- d-----w- c:\program files\TeamViewer
2013-01-06 22:29:26 -------- d-----w- c:\users\all\appdata\roaming\TeamViewer
2013-01-05 02:48:29 -------- d-----w- c:\users\all\appdata\roaming\Nico Mak Computing
2013-01-05 02:48:23 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-05 02:39:25 388096 ----a-r- c:\users\all\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-05 02:39:24 -------- d-----w- c:\program files\Trend Micro
2013-01-03 06:15:01 -------- d-----w- c:\program files\SweetIM
2013-01-03 06:14:33 -------- d-----w- c:\program files\Yontoo
2013-01-03 06:14:30 -------- d-----w- c:\programdata\Tarma Installer
2013-01-03 06:14:24 -------- d-----w- c:\users\all\appdata\roaming\ExpressFiles
2013-01-03 00:03:13 -------- d-----w- c:\users\all\appdata\roaming\SUPERAntiSpyware.com
2013-01-02 23:56:34 -------- d-----w- c:\users\all\appdata\roaming\LavasoftStatistics
2013-01-02 23:53:59 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-01-02 23:52:35 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-01-02 23:52:20 -------- d-----w- c:\users\all\appdata\local\Downloaded Installations
2013-01-02 23:52:14 42864 ------w- c:\windows\system32\sbbd.exe
2013-01-02 23:52:14 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-02 23:51:57 -------- d-----w- c:\programdata\blekko toolbars
2013-01-02 23:51:56 -------- d-----w- c:\users\all\appdata\local\adawarebp
2013-01-02 23:51:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-01-02 23:51:53 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-02 23:51:53 -------- d-----w- c:\program files\adawaretb
2013-01-02 23:50:16 -------- d-----w- c:\users\all\appdata\roaming\Ad-Aware Antivirus
2013-01-02 23:48:37 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-02 23:30:21 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
2013-01-02 23:30:18 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-01-02 23:16:19 -------- d-----w- C:\NVIDIA
2012-12-31 18:26:47 769144 ----a-w- c:\windows\BDTSupport.dll
2012-12-31 18:26:47 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-12-31 18:26:46 150648 ----a-w- c:\windows\SGDetectionTool.dll
2012-12-31 18:26:44 2280568 ----a-w- c:\windows\PCTBDCore.dll
2012-12-31 18:26:44 1690744 ----a-w- c:\windows\PCTBDRes.dll
2012-12-31 18:25:50 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-12-31 18:25:50 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-12-31 18:25:44 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-12-31 18:25:41 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-12-31 18:25:41 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2012-12-31 18:22:24 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-12-31 18:22:24 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-12-31 18:22:22 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-12-31 18:22:22 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-12-31 18:22:19 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-12-31 18:22:19 -------- d-----w- c:\program files\common files\PC Tools
2012-12-31 18:21:47 -------- d-----w- c:\users\all\appdata\roaming\TestApp
2012-12-31 18:13:09 -------- d-----w- c:\users\all\appdata\local\MFAData
2012-12-31 18:13:09 -------- d-----w- c:\users\all\appdata\local\Avg2013
2012-12-31 18:12:50 -------- d-----w- c:\users\all\appdata\roaming\AVG Rewards for Chrome
2012-12-31 18:12:50 -------- d-----w- c:\program files\AVG Rewards
2012-12-31 18:10:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 18:10:46 -------- d-----w- c:\programdata\Malwarebytes
2012-12-31 18:10:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-31 18:10:36 -------- d-----w- c:\users\all\appdata\local\Programs
2012-12-21 04:02:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 04:02:16 295424 ----a-w- c:\windows\system32\atmfd.dll
.
==================== Find3M ====================
.
2013-01-09 02:42:16 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 02:42:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 02:53:05 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-13 02:52:59 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-12-13 02:52:59 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-11 21:52:45 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-12-05 18:06:28 23416 ----a-r- c:\windows\system32\SZIO5.dll
2012-12-05 18:06:16 681848 ----a-r- c:\windows\system32\SZComp5.dll
2012-12-05 18:06:12 509816 ----a-r- c:\windows\system32\SZBase5.dll
2012-12-02 23:33:15 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-01 03:43:52 438632 ----a-w- c:\windows\system32\nvStreaming.exe
2012-11-26 15:55:48 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-11-26 15:55:48 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-22 18:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 08:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2006-10-28 05:14:54 463152 ----a-w- c:\program files\setup.exe
.
============= FINISH: 19:13:16.05 ===============

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-10 20:33:06
Windows 6.1.7601 Service Pack 1 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600AAJB-56R1A0 rev.01.03E01 149.05GB
Running: omx484m6.exe; Driver: C:\Users\all\AppData\Local\Temp\kwtdrpog.sys


---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8BE9FB60]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8BE9FE28]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8BEA0124]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x91ACD14A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x91ACD21A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x91ACCD7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x91ACCF6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x91ACD000]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8BE9F75E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x91ACCECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x91ACD09C]

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C47A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C814D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 82C88618 8 Bytes [60, FB, E9, 8B, 28, FE, E9, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 121B 82C88650 4 Bytes [24, 01, EA, 8B]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1357 82C8878C 8 Bytes [4A, D1, AC, 91, 1A, D2, AC, ...] {DEC EDX; SHR DWORD [ECX+EDX*4-0x6e532de6], 0x1}
.text ntkrnlpa.exe!KeRemoveQueueEx + 139F 82C887D4 4 Bytes [7C, CD, AC, 91] {JL 0xffffffcf; LODSB ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 165F 82C88A94 8 Bytes [6A, CF, AC, 91, 00, D0, AC, ...] {PUSH -0x31; LODSB ; XCHG ECX, EAX; ADD AL, DL; LODSB ; XCHG ECX, EAX}
.text ...
? System32\Drivers\spdr.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 93DD3D81 5 Bytes JMP 86B471D8
.text a5e5a2nx.SYS 91B99000 12 Bytes [44, 28, 02, 83, EE, 26, 02, ...] {INC ESP; SUB [EDX], AL; SUB ESI, 0x26; ADD AL, [EBX-0x7cfdf860]}
.text a5e5a2nx.SYS 91B9900D 9 Bytes [07, 02, 83, 48, 2B, 02, 83, ...] {POP ES; ADD AL, [EBX-0x7cfdd4b8]; ADD [EAX], AL}
.text a5e5a2nx.SYS 91B99017 20 Bytes [00, DE, C7, B8, 8B, E6, C5, ...]
.text a5e5a2nx.SYS 91B9902C 136 Bytes [00, 00, 00, 00, C0, 28, C4, ...]
.text a5e5a2nx.SYS 91B990B5 12 Bytes [54, C8, 82, F0, 39, C8, 82, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x9FB3B300, 0x3B638, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9FB82300, 0x1BEE, 0xE8000020]
? C:\Users\all\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetFocus 7618ABAD 5 Bytes JMP 50D293E0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetForegroundWindow 7618B225 5 Bytes JMP 50D292C0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!ShowWindow 7618F2A9 5 Bytes JMP 50D29390 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetWindowPos 76191BC4 5 Bytes JMP 50D29400 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SetActiveWindow 7619333A 5 Bytes JMP 50D29450 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!BringWindowToTop 761B040B 5 Bytes JMP 50D292F0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!SwitchToThisWindow 761B6A17 5 Bytes JMP 50D29320 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] USER32.dll!ShowWindowAsync 761E4F03 5 Bytes JMP 50D29340 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text s:\Program Files\Origin\Origin.exe[4932] ole32.dll!DoDragDrop 75BCA827 5 Bytes JMP 50D292A0 s:\Program Files\Origin\OriginClient.dll (Origin/Electronic Arts)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] ntdll.dll!LdrGetProcedureAddress + 26 775C2239 7 Bytes JMP 5F914470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 765B941E 7 Bytes JMP 5FB60459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!QueryPerformanceCounter + 13 765BC435 7 Bytes JMP 5FB6047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] kernel32.dll!LoadAppInitDlls + 355 765BF4F6 7 Bytes JMP 5F91F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!GetViewportOrgEx + 26C 7625884B 3 Bytes JMP 5FB603DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5900] GDI32.dll!GetViewportOrgEx + 270 7625884F 3 Bytes JMP 017B823F

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\[email protected] ?Thu?, ?Jan ?10 ?13, 07:01:56 PM???????????????????????????????C
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x5D 0x32 0xED 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x25 0x40 0x6C 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x58 0x23 0x77 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x5D 0x32 0xED 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x25 0x40 0x6C 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x58 0x23 0x77 0xAE ...

---- EOF - GMER 2.0 ----


thanks in advance
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
first

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will open.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
 

Lypka109

Thread Starter
Joined
Apr 10, 2005
Messages
40
# AdwCleaner v2.105 - Logfile created 01/11/2013 at 17:16:50
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : all - ALL-PC
# Boot Mode : Normal
# Running from : C:\Users\all\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\adawaretb
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Winamp Toolbar
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\all\AppData\Local\OpenCandy
Folder Found : C:\Users\all\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\all\AppData\Locallow\adawaretb
Folder Found : C:\Users\all\AppData\Locallow\AVG Security Toolbar
Folder Found : C:\Users\all\AppData\Locallow\SweetIM
Folder Found : C:\Users\all\AppData\Roaming\Mozilla\Firefox\Profiles\c5aijy8y.default\adawaretb
Folder Found : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Winamp Toolbar
Key Found : HKU\S-1-5-21-2906375110-3581957490-1177268750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\all\AppData\Roaming\Mozilla\Firefox\Profiles\c5aijy8y.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\all\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v directory_upgrade: true
}

File : C:\Users\all\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9512 octets] - [11/01/2013 17:16:50]

########## EOF - C:\AdwCleaner[R1].txt - [9572 octets] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt
 