1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: noproblemppc

Discussion in 'Windows XP' started by jdn, Sep 13, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    Recently started getting a window appearing every time I get on the internet asking to compare various services .It's from a company called noproblemppc. Anyone know how I can get rid of this?
     
  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Like a pop up ad?


    What browser are you using?
     
  3. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    Yes, a pop up. I am using Mozilla Firefox. I tried to attach a photo of it. Not sure if it worked.
     

    Attached Files:

  4. DoubleHelix

    DoubleHelix Banned

    Joined:
    Dec 9, 2004
    Messages:
    24,388
    Did you allow someone who called you to connect to your computer to "fix" problems they said your computer reportedly had?
     
  5. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    Your pop-up is probably associated with this site.

    ----------------------------------------------------------

    Go here and click the green "Download latest version" link to download and save HiJackThis 2.0.4

    After it's been downloaded and saved, close all open windows first, then double-click the saved file to install it.

    Allow it to install in its default location - C:\Program Files.

    After it's been installed, start it and allow its main window to load.

    Uncheck "Do not show this window when I start HiJackThis".

    Click "Do a system scan and save a log file".

    When the scan is finished in 30 - 60 seconds, a log file will appear.

    Save that log file.

    Return here to your thread, then copy-and-paste the ENTIRE log file here.

    ----------------------------------------------------------
     
  6. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Joined:
    Mar 3, 2004
    Messages:
    83,939
    Please do this too:

    Please download DDS by sUBs to your desktop from one of the following locations:

    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Disable any script blocker you may have, as they may interfere and then double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:

    DDS.txt
    Attach.txt


    Save them both to your desktop and then proceed on to the next step.

    Please download GMER from: http://gmer.net/index.php

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the PC during the scan as it may cause it to freeze.

    Please post the requested logs/reports, as follows:

    Copy and paste the contents of the DDS.txt file.
    Upload as an attachment the Attach.txt file.
    Copy and paste the contents of the ark.txt file.
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,048
    Yeah, according to WOT, the site has a poor reputation. (n)
     
  8. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    I'm going to answer your comments one at a time.

    For Double Helix No one had access to work on my computer.

    For all: When I use Internet Explorer, the popup does not appear.
     
  9. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    For Flavalee

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:03:14 AM, on 7/5/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.foxsports.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
    O1 - Hosts: ::1 localhost #[IPv6]
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
    O4 - HKCU\..\Run: [Cookienator] "C:\Program Files\Cookienator\cookienator.exe" /auto
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    O4 - Global Startup: E Mail.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    O4 - Global Startup: Shortcut to FMRMD32.EXE.lnk = D:\Createacard\FMRMD32.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276602761203
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - (no file)
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    --
    End of file - 4878 bytes
     
  10. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    Don't forget to submit the requested logs and information in post #6.

    -------------------------------------------------------

    Download and save and then install the free version of

    Malwarebytes Anti-Malware 1.65.0.1400

    SUPERAntiSpyware 5.5.0.1016

    Make sure to update their definition files during the install process.

    Make sure to uncheck and decline to install any extras, such as toolbars and homepages, they may offer.

    Make sure to uncheck or decline to use the "Pro" or "Trial" version, if it's offered.

    After they're installed and updated, restart the computer.

    DON'T run any scans with them yet.

    -------------------------------------------------------
     
  11. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    For Cheeseball81

    When I went to GMER I got a message that said "GMER has found system Modification caused by rootkit activity"

    I don't know what a CD Emulation program is so I don't know if I have one.

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by Jack at 12:42:34 on 2012-09-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1400 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\GEARSec.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/sb/*http://www.yahoo.com/search/ie.html
    uStart Page = hxxp://msn.foxsports.com/
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/nero/defaults/su/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    uRun: [Gadwin PrintScreen] "c:\program files\gadwin systems\printscreen\PrintScreen.exe" /nosplash
    uRun: [Cookienator] "c:\program files\cookienator\cookienator.exe" /auto
    uRun: [RoxioDragToDisc] c:\program files\roxio\drag-to-disc\DrgToDsc.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\email~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - d:\createacard\FMRMD32.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345045081250
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B966DE5D-DB48-498C-AD0E-BEAEFF1DD448} : DhcpNameServer = 192.168.1.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = :\windows\syste
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/|http://maps.google.com/|http://www.weather.com/weather/map/interactive/15642:4:US?animation=true
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3198785&SearchSource=2&q=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency.dll
    FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.5.dll
    FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\m6co0c4z.default\extensions\{4e77edad-9566-4089-88d1-c81498cee770}\components\dtTransparency3.6.dll
    FF - plugin: c:\documents and settings\jack\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
    FF - user.js: extensions.funmoods_i.id - f8b0668800000000000000167638ac6c
    FF - user.js: extensions.funmoods_i.instlDay - 15457
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.168:52:55
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - make
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-1-23 40560]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-11-21 12184]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2012-6-12 53952]
    S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2012-6-12 12992]
    S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19024]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-13 250568]
    S4 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
    S4 Freemake Improver;Freemake Improver;c:\documents and settings\all users\application data\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2012-4-27 96768]
    S4 gupdate1ca833a9bea4bcb;Google Update Service (gupdate1ca833a9bea4bcb);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 133104]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-22 133104]
    S4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 114144]
    S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    S4 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
    S4 SgtSch2Svc;Seagate Scheduler2 Service;"c:\program files\common files\seagate\schedule2\schedul2.exe" --> c:\program files\common files\seagate\schedule2\schedul2.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-14 16:15:10 388096 ----a-r- c:\documents and settings\jack\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-09-14 11:37:28 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{efb3e4d7-1f90-44ba-b864-5015ddb622da}\mpengine.dll
    2012-09-14 10:06:27 7022536 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-09-04 23:48:18 -------- d-----w- c:\documents and settings\jack\local settings\application data\Thunderbird
    2012-09-02 10:16:29 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-31 11:22:52 -------- d--h--w- c:\documents and settings\jack\YSI
    2012-08-31 11:22:47 -------- d-----w- c:\documents and settings\jack\application data\YouSendIt
    2012-08-31 11:19:55 -------- d-----w- c:\program files\YouSendIt Desktop App
    .
    ==================== Find3M ====================
    .
    2012-09-02 10:22:53 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-02 10:22:52 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-02 10:15:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-09-02 10:15:40 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-02 10:15:40 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2012-06-27 02:14:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
    2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
    2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
    2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
    2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
    .
    ============= FINISH: 12:44:19.40 ===============


    ark. txt
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-14 13:01:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-f WDC_WD800JD-75MSA1 rev.10.01E01
    Running: gmer.exe; Driver: C:\DOCUME~1\Jack\LOCALS~1\Temp\pxtdypog.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\Jack\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 011C0C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013F7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013F7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[716] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 011C3FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[716] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013F7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device 9E41CD20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  12. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    For flavallee

    I have both programs with the latest definition updates. If you want me to run them, should I do a quick or full scan?
     
  13. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    I suggest you go to Control Panel - Add Or Remove Programs, then uninstall/remove

    CCleaner

    Defraggler

    EasyCleaner

    MyDefrag

    TweakUI


    Registry cleaner/fixer/tweak/tuneup type programs are a good way to damage Windows and break programs and generate error/warning messages and wreak havoc with a computer.

    -----------------------------------------------------
     
  14. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,579
    A complete/full scan will take much longer to run than a quick scan, and it usually isn't needed.

    DON'T run a quick scan with them until you've heard from Cheeseball81 to see what she wants you to do.

    Once you're given the "all clear" to run a quick scan, make sure not to use the computer while each scan is in progress.

    Once each quick scan is finished, make sure to select and remove EVERYTHING it found.

    --------------------------------------------------------
     
  15. jdn

    jdn Thread Starter

    Joined:
    Dec 23, 2009
    Messages:
    187
    I don't use the CCleaner program or any other program to clean the registry. I have only been using Deflagger for analysis purposes. Should I still remove them?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads
  1. Nimatatar
    Replies:
    2
    Views:
    290
  2. CraigMB
    Replies:
    3
    Views:
    350
  3. spicefamily
    Replies:
    6
    Views:
    397
  4. KuddlyKat
    Replies:
    19
    Views:
    981
  5. **__**
    Replies:
    1
    Views:
    336
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1068785