
Windows Installer Service and Cryptographic Service and other issues

Discussion in 'Virus & Other Malware Removal' started by Gladriella, Oct 4, 2012.

Thread Status:
Not open for further replies.
  1. Gladriella

    Gladriella Thread Starter

    Joined:
    Sep 23, 2012
    Messages:
    6
    1st posted in Windows XP forum. Macboatmaster suggested I post my issue here.
    Link to original thread:
    http://forums.techguy.org/windows-xp/1070120-windows-installer-service-cryptographic-service.html

    Brief Summary of issue:
    MSE would not start. dependency error.
    Windows Installer giving error when I try to install program. Unable to reinstall Windows Installer, get cryptographic error.
    services.msc has no dependency tab, unable to right click to properties to start service
    lost task bar, was able to recover although open programs do not show.
    unable to cut and paste (why I didn't paste original post here)


    I have run HijackThis.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:47:22 PM, on 10/3/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Kelly Bornt\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
    O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-2591072826-2466525617-3533519498-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201388917281
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 9904 bytes

    DDS.txt file:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
    Run by Kelly Bornt at 19:12:03 on 2012-10-03
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Dell\QuickSet\Quickset.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Kelly Bornt\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Kelly Bornt\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [ssdiag] c:\windows\ssdiag.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201388917281
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} - hxxp://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{E2350427-BFC0-49A2-804A-09D4E01FCA4A} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\kelly bornt\application data\mozilla\firefox\profiles\e2kprd35.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/?cmd=home
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
    FF - component: c:\documents and settings\kelly bornt\application data\mozilla\firefox\profiles\e2kprd35.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\documents and settings\kelly bornt\application data\mozilla\firefox\profiles\e2kprd35.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
    FF - plugin: c:\documents and settings\kelly bornt\application data\mozilla\firefox\profiles\e2kprd35.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? Lbd;Lbd
    R? Leapfrog-USBLAN;Leapfrog-USBLAN
    R? McrdSvc;Media Center Extender Service
    R? MozillaMaintenance;Mozilla Maintenance Service
    R? SkypeUpdate;Skype Updater
    R? Symantec Core LC;Symantec Core LC
    S? dc3d;MS Hardware Device Detection Driver (USB)
    S? MemeoBackgroundService;MemeoBackgroundService
    S? MpFilter;Microsoft Malware Protection Driver
    S? SeagateDashboardService;Seagate Dashboard Service
    .
    =============== Created Last 30 ================
    .
    2012-09-23 20:44:15 -------- d-----w- c:\documents and settings\kelly bornt\application data\QuickScan
    2012-09-23 20:09:55 -------- d-----w- c:\windows\system32\CatRoot2
    2012-09-23 06:31:13 -------- d-----w- c:\documents and settings\kelly bornt\local settings\application data\MFAData
    2012-09-23 06:31:13 -------- d-----w- c:\documents and settings\kelly bornt\local settings\application data\Avg2013
    2012-09-22 17:30:45 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d02d2807-6013-4947-8e4c-cd5cc4ef052e}\mpengine.dll
    2012-09-21 00:34:40 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-09-15 21:35:42 -------- d-----r- c:\program files\Skype
    2012-09-13 22:35:41 -------- d-----w- C:\b3893af9ec5de478726a65d5
    2012-09-13 21:53:09 -------- d-----w- C:\813a6c57d8297ef49569
    2012-09-09 20:28:34 -------- d-----w- c:\documents and settings\kelly bornt\local settings\application data\LostKing
    2012-09-08 16:58:00 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2012-09-05 00:30:39 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-09-05 00:30:38 73416 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
    2006-02-25 02:34:44 774144 -c--a-w- c:\program files\RngInterstitial.dll
    .
    ============= FINISH: 19:13:43.17 ===============

    attach.txt has been attached

    ark.txt:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-04 01:11:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541060G9AT00 rev.MB3OA61A
    Running: hfds0sth.exe; Driver: C:\DOCUME~1\KELLYB~1\LOCALS~1\Temp\pxtdqpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !
    ? C:\DOCUME~1\KELLYB~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01180C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 013B7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 013B7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1012] kernel32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 01183FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[1012] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 013B7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device A8A1AD20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\.application\[email protected] bootstrap.application.1
    Reg HKLM\SOFTWARE\Classes\.xaml\[email protected] bootstrap.xaml.1
    Reg HKLM\SOFTWARE\Classes\.xbap\[email protected] bootstrap.xbap.1
    Reg HKLM\SOFTWARE\Classes\.xps\[email protected] bootstrap.xps.1

    ---- EOF - GMER 1.0.15 ----


    Thank you.
    Gladriella
     

  2. Gladriella

    Gladriella Thread Starter

    Joined:
    Sep 23, 2012
    Messages:
    6
    After further reading of others with my issue, I decided to restore my system. I look forward to learning how to rebuild a stronger and more protected system. This thread is closed.
     
  3. Macboatmaster

    Macboatmaster Trusted Advisor

    Joined:
    Jan 14, 2010
    Messages:
    20,381

Short URL to this thread: https://techguy.org/1071353
