
Trojan.Agent, Stolen.Data, Malware.Trace

Discussion in 'Virus & Other Malware Removal' started by Travelbaron, Sep 2, 2012.

    Travelbaron (Thread Starter)
    Joined: Sep 2, 2012
    Messages: 2

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 2
    RAM: 501 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 57223 MB, Free - 21471 MB;
    Motherboard: FUJITSU, FJNB1B5
    Antivirus: Symantec Endpoint Protection, Updated: No, On-Demand Scanner: Enabled

    I run Malwarebytes and continually get the following:
    Trojan.Agent File C:\Documents and Settings\1000\Application Data\torrent.exe
    Stolen.Data File C:\Documents and Settings\1000\Application Data\key
    Malware.Trace Registry Key HKCU\Software\VB and VBA Program Settings\SrvID

    I clear them and they are back right away.
    Here is the hijackthis.log information:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:01:09 PM, on 9/2/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\CmgShieldSvc.exe
    C:\WINDOWS\system32\EMSService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\WINDOWS\System32\CMGShieldUI.exe
    C:\WINDOWS\Dll32Agent.Exe
    C:\WINDOWS\system32\EmsServiceHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\AClient\Bin\XCDiffCache.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\IdleProc.exe
    C:\Documents and Settings\1000\Application Data\Verizon\UA_ar\UtilityApplication.exe
    c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\reg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\1000\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo1.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo1.dll
    O4 - HKLM\..\Run: [WSPPurge] C:\Program Files\Aflac\Common\WSPPurge.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Aflac_Do_Not_Remove] C:\Aflac2000\WSPInfo.exe
    O4 - HKLM\..\Run: [!SysInit] c:\windows\system32\mschksys.exe
    O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [CmgShieldUI] C:\WINDOWS\System32\CMGShieldUI.exe
    O4 - HKLM\..\Run: [EmsService] EmsServiceHelper.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VerifyAfariaDownload] C:\Program Files\Aflac\SNG\VerifyAfariadownload.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [Afaria Client Event Monitor] C:\Program Files\AClient\Bin\XCMonitor.exe
    O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\AClient\Bin\XCDiffCache.exe
    O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [cvcss] C:\Documents and Settings\1000\Application Data\cvcss.exe
    O4 - Startup: Launch Utility Application.lnk = C:\Documents and Settings\1000\Application Data\Verizon\UA_ar\UtilityApplication.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1345063325546
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1345063305203
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: CMGShield - Credant Technologies, Inc. - C:\WINDOWS\system32\CmgShieldSvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: EMS - CREDANT Technologies, Inc. - C:\WINDOWS\system32\EMSService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    --
    End of file - 13245 bytes

    Here is the dds.txt information:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
    Run by 9V8X at 17:04:05 on 2012-09-02
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\CmgShieldSvc.exe
    C:\WINDOWS\system32\EMSService.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\o2flash.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    c:\Program Files\Zune\ZuneBusEnum.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\WINDOWS\System32\CMGShieldUI.exe
    C:\WINDOWS\Dll32Agent.Exe
    C:\WINDOWS\system32\EmsServiceHelper.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\AClient\Bin\XCDiffCache.exe
    C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\IdleProc.exe
    C:\Documents and Settings\1000\Application Data\Verizon\UA_ar\UtilityApplication.exe
    c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe
    C:\WINDOWS\system32\reg.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\1000\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\1000\My Documents\Downloads\dds.com
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Connection Wizard,ShellNext = iexplore
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo1.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo1.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo1.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [cvcss] c:\documents and settings\1000\application data\cvcss.exe
    mRun: [WSPPurge] c:\program files\aflac\common\WSPPurge.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [Aflac_Do_Not_Remove] c:\aflac2000\WSPInfo.exe
    mRun: [!SysInit] c:\windows\system32\mschksys.exe
    mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
    mRun: [EmsService] EmsServiceHelper.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [VerifyAfariaDownload] c:\program files\aflac\sng\VerifyAfariadownload.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Afaria Client Event Monitor] c:\program files\aclient\bin\XCMonitor.exe
    mRun: [Afaria Client File Differencing] c:\program files\aclient\bin\XCDiffCache.exe
    mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345063325546
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345063305203
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D72EBCF1-5283-4765-BBCF-4B3E85E7D4E8} : DhcpNameServer = 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\1000\application data\mozilla\firefox\profiles\uknh0onq.default\
    FF - prefs.js: browser.search.selectedEngine - Search Results
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/413
    FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=126&systemid=413&sr=0&q=
    FF - component: c:\documents and settings\1000\application data\mozilla\firefox\profiles\uknh0onq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - component: c:\program files\searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
    FF - plugin: c:\documents and settings\1000\application data\move networks\plugins\npqmp071500000347.dll
    FF - plugin: c:\documents and settings\1000\application data\mozilla\firefox\profiles\uknh0onq.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\npjpi170_05.dll
    FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\1000\application data\Move Networks
    FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\documents and settings\1000\application data\NetAssistant
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yontoo Layers: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: uTorrentControl2 Community Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - %profile%\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
    R? CmgShieldNP;CmgShieldNP
    R? COH_Mon;COH_Mon
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? PTDMBus;PANTECH USB Modem Composite Device Driver
    R? PTDMMdm;PANTECH USB Modem Drivers
    R? PTDMVsp;PANTECH USB Modem Serial Port
    R? PTDMWFLT;PTDMWWAN Filter Driver
    R? PTDMWWAN;PANTECH USB Modem WWAN Driver
    R? TOPAZUSB;TopazUsb.Sys Topaz Tablet USB Driver
    R? vsdatant;vsdatant
    R? WMZuneComm;Zune Windows Mobile Connectivity Service
    S? ccEvtMgr;Symantec Event Manager
    S? ccSetMgr;Symantec Settings Manager
    S? CMGShield;CMGShield
    S? CmgShieldCEF;CmgShieldCEF
    S? CMGShieldReg;CMGShieldReg
    S? EMS;EMS
    S? EraserUtilRebootDrv;EraserUtilRebootDrv
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? MBAMSwissArmy;MBAMSwissArmy
    S? NAVENG;NAVENG
    S? NAVEX15;NAVEX15
    S? O2MDRDR;O2MDRDR
    S? O2SDRDR;O2SDRDR
    S? SafDskNT;SafDskNT
    S? Symantec AntiVirus;Symantec Endpoint Protection
    .
    =============== Created Last 30 ================
    .
    2012-09-02 22:50:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-08-23 00:21:04 -------- d-----w- c:\documents and settings\1000\AppData
    2012-08-22 17:27:13 -------- d-----w- c:\documents and settings\1000\application data\Malwarebytes
    2012-08-22 17:26:26 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-08-22 17:26:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-22 17:26:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-22 00:28:10 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
    2012-08-22 00:27:56 -------- d-----w- c:\program files\Searchqu Toolbar
    2012-08-22 00:27:34 360448 ----a-w- c:\windows\system32\TubeFinder.exe
    2012-08-22 00:27:30 119568 ----a-w- c:\windows\system32\VB6FR.DLL
    2012-08-22 00:27:29 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
    2012-08-22 00:27:29 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
    2012-08-22 00:27:28 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
    2012-08-22 00:27:27 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
    2012-08-22 00:27:26 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
    2012-08-22 00:27:26 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
    2012-08-22 00:27:23 -------- d-----w- c:\program files\Free FLV Converter
    2012-08-22 00:27:23 -------- d-----w- c:\documents and settings\1000\application data\FreeFLVConverter
    2012-08-16 07:45:50 221184 ----a-w- c:\windows\system32\wmpns.dll
    2012-08-16 07:00:37 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2012-08-16 02:19:49 315904 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp70w.dll
    2012-08-16 02:19:46 123904 ----a-w- c:\windows\system32\hpf3l70w.dll
    2012-08-16 02:12:19 452408 ----a-w- c:\windows\system32\hpzids01.dll
    2012-08-16 02:11:44 589824 ----a-w- c:\windows\system32\hpost_d02d.dll
    2012-08-16 02:11:43 372736 ----a-w- c:\windows\system32\hppldcoi.dll
    2012-08-16 02:11:43 315392 ----a-w- c:\windows\system32\hposc_d02a.dll
    2012-08-16 02:11:42 713728 ----a-w- c:\windows\system32\hposwia_d02d.dll
    2012-08-15 23:30:14 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-08-15 23:29:39 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-08-15 23:26:54 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-15 23:26:54 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-15 23:17:18 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-08-15 23:05:28 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2012-08-15 22:20:58 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2012-08-15 22:20:46 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2012-08-15 22:19:45 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2012-08-15 22:19:30 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2012-08-15 22:18:21 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2012-08-15 22:16:05 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2012-08-15 20:43:22 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-08-11 00:23:52 -------- d-----w- c:\program files\AClient
    2012-08-11 00:22:47 -------- d-----w- c:\program files\common files\AfariaCommon
    2012-08-10 21:39:46 -------- d-----w- c:\documents and settings\1000\local settings\application data\LogMeIn Rescue Applet
    2012-08-08 23:42:31 -------- d-----w- c:\program files\VideoLAN
    2012-08-08 23:39:41 -------- d-----w- c:\documents and settings\1000\local settings\application data\TNT2
    2012-08-08 16:13:13 60304 ----a-w- c:\documents and settings\1000\g2mdlhlpx.exe
    2012-08-05 06:43:23 -------- d-----w- c:\documents and settings\1000\application data\tiger-k
    2012-08-05 06:43:22 -------- d-----w- c:\documents and settings\all users\application data\Leawo
    2012-08-05 06:43:22 -------- d-----w- c:\documents and settings\1000\application data\Leawo
    2012-08-05 06:41:13 175616 ----a-w- c:\windows\system32\unrar.dll
    2012-08-05 06:41:08 -------- d-----w- c:\program files\K-Lite Codec Pack
    2012-08-05 06:39:41 606208 ----a-w- c:\windows\system32\xvidcore.dll
    2012-08-05 06:39:41 139264 ----a-w- c:\windows\system32\xvid.ax
    2012-08-05 06:39:23 -------- d-----w- c:\program files\Leawo
    2012-08-05 06:35:05 -------- d-----w- c:\documents and settings\1000\application data\Xilisoft
    2012-08-05 06:26:49 -------- d-----w- c:\documents and settings\1000\application data\GetRightToGo
    .
    ==================== Find3M ====================
    .
    2012-08-15 00:28:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 00:28:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-19 16:27:47 467968 ----a-w- c:\documents and settings\1000\application data\cvcss.zgy
    2012-07-19 16:27:47 467968 ----a-w- c:\documents and settings\1000\application data\cvcss.exe
    2012-07-19 05:36:13 558133 ----a-w- c:\windows\system32\sqlite3.dll
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2012-07-06 05:07:08 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-07-06 05:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-06 05:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-05 00:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
    2006-11-28 21:33:52 143360 --sha-r- c:\windows\IdleProc.exe
    2006-11-28 21:33:52 200704 --sha-r- c:\windows\MsCae32.dll
    2006-11-28 21:33:52 172032 --sha-r- c:\windows\system32\MsChkSys.dll
    2006-11-28 21:33:52 339968 --sha-r- c:\windows\system32\MsChkSys.exe
    2006-11-28 21:33:52 22528 --sha-r- c:\windows\system32\Optic32.dll
    2006-11-28 21:33:52 176128 --sha-r- c:\windows\system32\SafPwd32.dll
    2006-11-28 21:33:52 77824 --sha-r- c:\windows\system32\SdwChang.exe
    2006-11-28 21:33:52 90112 --sha-r- c:\windows\system32\SdwCreat.exe
    2006-11-28 21:33:52 77824 --sha-r- c:\windows\system32\SdwExpan.exe
    2006-11-28 21:33:52 282624 --sha-r- c:\windows\system32\SdwLib.dll
    2006-11-28 21:33:52 110592 --sha-r- c:\windows\system32\SdwMap32.exe
    2006-11-28 21:33:52 77824 --sha-w- c:\windows\system32\drivers\SafDskNT.sys
    .
    ============= FINISH: 17:05:50.90 ===============

    I've attached the Attach.txt file

    I received the following error message, so I attached the ark.txt file. I hope that is acceptable.

    Thank you in advance for your help. It's really appreciated.

    Attached Files:

  2. Travelbaron

    Travelbaron Thread Starter

    Joined:
    Sep 2, 2012
    Messages:
    2
    Is there any other information I need to supply?

Short URL to this thread: https://techguy.org/1067521