Gwalch Y Mor
2013-08-24, 15:11
I am hoping someone can help me. For the last three weeks my PC has been slow starting up. I have Windows XP Home as an OS and up to now I have had very few problems with it. I downloaded Spybot S&D and the program found these:
WIN32.Downloader.gen
Montera.Toolbar
WIN32.Downloader.bltu
Ask.MyGlobalSearch
Delta.Toolbar
Babylon
Yontoo.Pagerage
The PC is now clean of these but is still slow starting. I have looked in System Configuration Facility and do not have any suspect programs in start up, however when I have tried Diagnostic Start up the PC boots up straight away.
I looked at Spybot's "System Start Up" and found an entry at "Winlogon" called crypt32chain under "Value"; its "Command Line" is Crypt32.dll.
Is this a legitimate process?
I would be very grateful if someone can help, as it sometimes takes up to 4-5 minutes for my PC to start.
I would like to mention that I was unable to download "aswMBR" through Google Chrome (had to download via IE), however I did not have any problems downloading DDS through Chrome.
Edit
Removed second "attach.txt log"
DDS 2
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Garry at 10:06:26 on 2013-08-25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1395 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
uRun: [HijackThis startup scan] c:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357393069968
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{D6340577-E52A-44FD-854C-8FF8A543E0C9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F8E9D2E3-53A1-4DA8-BA02-5CEAD26B4DCA} : DHCPNameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\progra~1\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\progra~1\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
.
============= SERVICES / DRIVERS ===============
.
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2005-2-11 16640]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-15 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-15 22856]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\commonfx.sys --> c:\windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\ctaudfx.sys --> c:\windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\cterfxfx.sys --> c:\windows\system32\drivers\CTERFXFX.SYS [?]
S3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys --> c:\windows\system32\drivers\ctgame.sys [?]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\ctsblfx.sys --> c:\windows\system32\drivers\CTSBLFX.SYS [?]
S3 gearsec;gearsec; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S4 Update WK;Update WK;c:\program files\webconnect\updateWebConnect.exe [2013-8-17 199976]
.
=============== Created Last 30 ================
.
2013-08-25 07:07:54 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\{219a5390-8fc4-4db3-8037-8e84ff1be0cd}\mpengine.dll
2013-08-23 11:27:08 -------- d-----w- C:\ComboFix
2013-08-22 16:13:05 -------- d-----w- c:\docume~1\garry\applic~1\Process Hacker 2
2013-08-22 15:57:59 -------- d-----w- c:\program files\Process Hacker 2
2013-08-22 15:48:32 7166848 ----a-w- c:\docume~1\alluse~1\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-22 15:19:16 -------- d-----w- c:\program files\Free Window Registry Repair
2013-08-21 17:36:05 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2013-08-21 17:36:01 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2013-08-21 17:36:01 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2013-08-21 17:34:59 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2013-08-21 17:33:56 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2013-08-21 17:32:58 47616 -c--a-w- c:\windows\system32\dllcache\umaxcam.dll
2013-08-21 17:31:59 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2013-08-21 17:30:59 16256 -c--a-w- c:\windows\system32\dllcache\symc810.sys
2013-08-21 17:29:53 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2013-08-21 17:28:57 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2013-08-21 17:27:57 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2013-08-21 17:26:58 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2013-08-21 17:25:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2013-08-21 17:24:58 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2013-08-21 17:23:57 27296 -c--a-w- c:\windows\system32\dllcache\perc2.sys
2013-08-21 17:22:57 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2013-08-21 17:21:59 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2013-08-21 17:20:52 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-08-21 17:20:47 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-08-21 17:20:40 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-08-21 17:20:38 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-08-21 17:20:37 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2013-08-21 17:20:28 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-08-21 17:20:25 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-08-21 17:20:23 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-08-21 17:20:16 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-08-21 17:20:14 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-08-21 17:20:09 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-08-21 17:20:03 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-08-21 17:20:01 34304 -c--a-w- c:\windows\system32\dllcache\migisol.exe
2013-08-21 17:18:59 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-08-21 17:17:57 471102 -c--a-w- c:\windows\system32\dllcache\imskdic.dll
2013-08-21 17:16:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2013-08-21 17:15:59 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2013-08-21 17:14:58 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-08-21 17:13:59 595647 -c--a-w- c:\windows\system32\dllcache\es56cvmp.sys
2013-08-21 17:12:58 334208 -c--a-w- c:\windows\system32\dllcache\ds1wdm.sys
2013-08-21 17:11:59 7424 -c--a-w- c:\windows\system32\dllcache\ddsmc.sys
2013-08-21 17:10:59 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2013-08-21 17:08:15 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-08-21 17:07:58 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2013-08-21 17:06:43 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2013-08-21 14:19:15 -------- d-----w- c:\program files\Emsisoft HiJackFree
2013-08-21 13:53:55 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-20 17:36:26 -------- d-----w- c:\docume~1\garry\local settings\application data\avgchrome
2013-08-20 17:28:28 -------- d-----w- c:\docume~1\garry\local settings\application data\TopArcadeHits
2013-08-20 17:28:22 -------- d-----w- c:\program files\WebConnect
2013-08-20 11:32:59 -------- d-----w- C:\mbar
2013-08-20 11:08:35 -------- d-----w- c:\docume~1\alluse~1\application data\Malwarebytes' Anti-Malware (portable)
2013-08-19 21:17:53 -------- d-sha-r- C:\cmdcons
2013-08-16 12:09:02 1893504 ----a-w- C:\rkill.com
2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-08-16 10:04:14 -------- d-----w- c:\windows\system32\wbem\Repository
2013-08-16 10:03:56 -------- d-----w- c:\program files\Microsoft Download Manager
2013-08-15 15:26:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-08-15 06:53:09 -------- d-----w- C:\cmdcons(2)
2013-08-15 06:52:08 -------- d-----w- C:\ComboFix(4)
2013-08-09 19:02:03 -------- d-----w- c:\program files\Huawei Modems
2013-08-09 19:00:12 -------- d-----w- c:\windows\system32\MRT
2013-07-31 20:48:17 -------- d-----w- c:\docume~1\garry\local settings\application data\DoNotTrackPlus
2013-07-31 20:29:31 -------- d-----w- c:\program files\CheckPoint
2013-07-31 19:21:20 -------- d-----w- c:\docume~1\alluse~1\application data\CheckPoint
.
==================== Find3M ====================
.
2013-08-21 17:35:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 17:35:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-26 02:47:17 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet(5).dll
2013-06-07 21:56:06 1215488 ----a-w- c:\windows\system32\urlmon(5).dll
2013-06-07 21:56:06 105984 ----a-w- c:\windows\system32\url(5).dll
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-28 01:59:37 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2013-05-28 00:41:07 6144 ----a-w- c:\windows\system32\xpsp4res.dll
.
============= FINISH: 10:07:30.04 ===============
aswMBR
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-25 10:07:46
-----------------------------
10:07:46.125 OS Version: Windows 5.1.2600 Service Pack 3
10:07:46.125 Number of processors: 2 586 0x4B02
10:07:46.125 ComputerName: GARRY-EC0E7D6DA UserName: Garry
10:07:47.031 Initialize success
10:14:27.125 AVAST engine defs: 13082500
10:20:58.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000073
10:20:58.156 Disk 0 Vendor: Maxtor_6L200M0 BANC1G10 Size: 190782MB BusType: 3
10:20:58.156 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
10:20:58.156 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
10:20:58.265 Disk 1 MBR read successfully
10:20:58.265 Disk 1 MBR scan
10:20:58.312 Disk 1 Windows XP default MBR code
10:20:58.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 63
10:20:58.312 Disk 1 scanning sectors +976770144
10:20:58.343 Disk 1 scanning C:\WINDOWS\system32\drivers
10:21:06.890 Service scanning
10:21:20.093 Modules scanning
10:21:24.140 Disk 1 trace - called modules:
10:21:24.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
10:21:24.156 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ab0aab8]
10:21:24.156 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8ab2cf18]
10:21:24.156 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ab2b030]
10:21:24.984 AVAST engine scan C:\WINDOWS
10:21:32.593 AVAST engine scan C:\WINDOWS\system32
10:24:53.531 AVAST engine scan C:\WINDOWS\system32\drivers
10:25:18.187 AVAST engine scan C:\Documents and Settings\Garry
10:49:20.796 AVAST engine scan C:\Documents and Settings\All Users
10:55:53.921 Scan finished successfully
11:06:47.359 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Garry\Desktop\MBR.dat"
11:06:47.359 The log file has been saved successfully to "C:\Documents and Settings\Garry\Desktop\aswMBR.txt"