-
May 29th, 2014, 02:06 AM
#1
[RESOLVED] Dell Vostro 200 Win XP SaveNShare Survivor
Hi,
I have a friend who's returned with his ailing Dell Vostro 200 Minitower running WinXP Pro SP3. I first wrote about this machine in this thread, http://discussions.virtualdr.com/sho...ll-XP-Machines. At that time, the machine was the victim of the vGrabber thing, among other things.
Today, he has returned because the machine has become useless. It is extremely slow, boot time over 15 minutes, constant delays and lags just using the system.
I've discovered a history of bad internet usage without good security practices. There were video recording/streaming stuff (vGrabber reincarnated!), download managers (EZDownloader) and PDF Creators, as well as Optimizer, PC Optimizer Pro, and two or three others. Also AVG anti-virus was installed ... but NOT UPDATED since Jul 2013!! AND there were NO PASSWORDS on both user accounts!!! I went to open Chrome ... and 3 tabs appeared ... one with Google, the middle with vGrabber Search, and the 3rd was some kind of "Google hack" for lack of better word.
After removing a lot of programs, I followed Midknyte's instructions. I've run Malwarebyte and DDS, and am posting them below.
The biggest thing is the SaveNShare. It has rendered MSIE useless, will have to reinstall. I believe I removed it from FF and Chrome. And the scans say that there are no more active threats. But I'm not at all convinced that it's gone. I believe it's still lurking somewhere, inert. I feel like it may yet come back (I'm strangely reminded of The Replicators in Stargate SG-1 Season 4 & 5 .. almost got 'em all ... but it only takes a little part of one little bug ... and then they'll be back, and that in FORCE!)
----- // Malwarebytes // ------
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/29/2014
Scan Time: 12:08:14 AM
Logfile: Scan 052914 0045hrs.txt
Administrator: Yes
Version: 2.00.1.1004
Malware Database: v2014.05.29.03
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: dg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301687
Time Elapsed: 14 min, 52 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
------- // DDS - ATTACH // -------
NOTE: I know that no one requested this part yet ... but I'm including this because it may be the one piece I need reviewed to show me where I still need to clean things out. Particularly, "savEEnsharoe" is STILL LISTED under Installed Programs, even though I can't find the sucker.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 5/28/2014 11:49:12 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CU409
Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz | Socket 775 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 86.843 GiB free.
D: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP539: 2/28/2014 8:00:55 PM - System Checkpoint
RP540: 3/2/2014 2:07:56 PM - System Checkpoint
RP541: 3/3/2014 9:18:09 PM - System Checkpoint
RP542: 3/4/2014 9:28:36 PM - System Checkpoint
RP543: 3/6/2014 7:43:30 AM - System Checkpoint
RP544: 3/7/2014 8:47:44 AM - System Checkpoint
RP545: 3/8/2014 8:52:04 AM - System Checkpoint
RP546: 3/9/2014 10:08:54 AM - System Checkpoint
RP547: 3/10/2014 4:30:38 PM - System Checkpoint
RP548: 3/12/2014 7:33:54 AM - System Checkpoint
RP549: 3/12/2014 10:31:13 PM - Software Distribution Service 3.0
RP550: 3/14/2014 7:43:06 AM - System Checkpoint
RP551: 3/15/2014 8:47:30 AM - System Checkpoint
RP552: 3/16/2014 12:22:01 PM - System Checkpoint
RP553: 3/17/2014 1:29:58 PM - System Checkpoint
RP554: 3/18/2014 10:57:40 PM - Software Distribution Service 3.0
RP555: 3/20/2014 7:07:26 AM - System Checkpoint
RP556: 3/21/2014 7:34:49 AM - System Checkpoint
RP557: 3/22/2014 6:30:34 PM - System Checkpoint
RP558: 3/23/2014 7:19:56 PM - System Checkpoint
RP559: 3/26/2014 7:11:47 AM - System Checkpoint
RP560: 3/26/2014 11:38:03 PM - Software Distribution Service 3.0
RP561: 3/28/2014 12:26:44 AM - System Checkpoint
RP562: 3/29/2014 7:44:17 AM - System Checkpoint
RP563: 3/30/2014 11:34:31 AM - System Checkpoint
RP564: 3/31/2014 3:30:19 PM - System Checkpoint
RP565: 4/3/2014 7:35:21 AM - System Checkpoint
RP566: 4/5/2014 2:12:41 PM - System Checkpoint
RP567: 4/6/2014 8:47:01 PM - System Checkpoint
RP568: 4/8/2014 7:03:38 AM - System Checkpoint
RP569: 4/9/2014 8:25:43 AM - System Checkpoint
RP570: 4/10/2014 3:00:47 AM - Software Distribution Service 3.0
RP571: 4/11/2014 6:50:43 AM - System Checkpoint
RP572: 4/12/2014 7:22:11 AM - System Checkpoint
RP573: 4/13/2014 8:39:41 AM - System Checkpoint
RP574: 4/14/2014 9:17:33 AM - System Checkpoint
RP575: 4/15/2014 12:00:10 PM - System Checkpoint
RP576: 4/16/2014 4:58:43 PM - System Checkpoint
RP577: 4/17/2014 5:54:05 PM - System Checkpoint
RP578: 4/19/2014 11:48:45 AM - System Checkpoint
RP579: 4/20/2014 7:52:41 PM - System Checkpoint
RP580: 4/22/2014 11:29:21 PM - System Checkpoint
RP581: 4/24/2014 6:57:27 AM - System Checkpoint
RP582: 4/25/2014 7:31:04 AM - System Checkpoint
RP583: 4/26/2014 7:35:22 AM - System Checkpoint
RP584: 4/27/2014 1:07:46 PM - System Checkpoint
RP585: 4/28/2014 3:40:08 PM - System Checkpoint
RP586: 4/29/2014 3:42:13 PM - System Checkpoint
RP587: 4/30/2014 4:10:19 PM - System Checkpoint
RP588: 5/2/2014 8:28:51 AM - System Checkpoint
RP589: 5/3/2014 1:31:52 PM - System Checkpoint
RP590: 5/3/2014 11:23:35 PM - Software Distribution Service 3.0
RP591: 5/5/2014 6:52:54 AM - System Checkpoint
RP592: 5/6/2014 7:28:37 AM - System Checkpoint
RP593: 5/7/2014 7:48:56 AM - System Checkpoint
RP594: 5/9/2014 7:10:18 AM - System Checkpoint
RP595: 5/10/2014 10:18:08 AM - System Checkpoint
RP596: 5/11/2014 10:45:51 AM - System Checkpoint
RP597: 5/12/2014 7:44:46 PM - System Checkpoint
RP598: 5/13/2014 8:22:53 PM - System Checkpoint
RP599: 5/15/2014 7:36:04 AM - System Checkpoint
RP600: 5/16/2014 6:21:23 AM - Software Distribution Service 3.0
RP601: 5/17/2014 10:23:25 AM - System Checkpoint
RP602: 5/18/2014 10:54:52 AM - System Checkpoint
RP603: 5/19/2014 11:35:55 AM - System Checkpoint
RP604: 5/20/2014 6:37:19 PM - System Checkpoint
RP605: 5/24/2014 7:09:14 PM - System Checkpoint
RP606: 5/26/2014 9:00:36 PM - System Checkpoint
RP607: 5/27/2014 8:52:47 PM - avast! antivirus system restore point
RP608: 5/28/2014 6:53:20 PM - Configured EA Download Manager
RP609: 5/28/2014 6:57:40 PM - Removed Hyphen Demo
RP610: 5/28/2014 7:09:24 PM - Removed Kelloggs_Desktop_Widget
RP611: 5/28/2014 7:15:03 PM - Removed Living 3D Dolphins Animated Wallpaper
RP612: 5/28/2014 8:57:51 PM - Removed AVG Free 8.5
RP613: 5/28/2014 8:59:24 PM - Installed AVG Free 8.5
RP614: 5/28/2014 9:11:05 PM - Removed Print Perfect Greeting Cards
RP615: 5/28/2014 9:33:19 PM - Removed SPORE™
RP616: 5/28/2014 9:34:45 PM - Configured EA Download Manager
RP617: 5/28/2014 9:47:07 PM - Removed Apple Mobile Device Support
RP618: 5/28/2014 9:47:57 PM - Removed Apple Application Support
RP619: 5/28/2014 9:49:04 PM - Removed Apple Software Update
RP620: 5/28/2014 11:37:33 PM - Removed iTunes
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.07)
AOL Toolbar
avast! Free Antivirus
AZentoo
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Photo Navigator 1.5
DocProc
DocProcQFolder
eSupportQFolder
Google Chrome
Google Earth
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
iExplorer 3.1.0.1
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.12.0
Java Auto Updater
Java(TM) 6 Update 30
Java(TM) 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 2.0.1.1004
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Lite
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Realtek High Definition Audio Driver
savEEnsharoe
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WeatherBug
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/28/2014 9:47:59 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/28/2014 9:46:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/28/2014 5:47:25 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
5/28/2014 5:12:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/28/2014 5:10:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/28/2014 5:10:46 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/28/2014 5:10:25 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
5/28/2014 5:10:25 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2014 5:10:25 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2014 5:10:25 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2014 5:10:25 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2014 5:10:25 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/28/2014 4:09:27 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/28/2014 4:09:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
5/28/2014 4:09:19 PM, error: Service Control Manager [7000] - The Coupon AlertService service failed to start due to the following error: The system cannot find the path specified.
5/28/2014 10:48:06 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/28/2014 10:48:06 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2014 10:48:06 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
5/28/2014 10:48:06 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/28/2014 10:48:06 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/27/2014 9:42:23 PM, error: Sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
5/27/2014 6:21:29 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001D098EDD47 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
------- // DDS - FILE 2 // -------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by dg at 1:10:28 on 2014-05-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.96 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Documents and Settings\dg\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\dg\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\dg\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\dg\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
dURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: <No Name>: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\program files\microsoft money\system\mnyside.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Azentoo Apps: {EBED69BF-0606-45DF-A14C-40B72B1A59D5} - c:\program files\azentoo\AZentoo Apps.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - <orphaned>
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dg\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [hpqSRMon] <no file>
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} - c:\program files\microsoft money\system\mnyside.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347694073484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0DDC238D-44D2-48C6-875A-E1D7DF5A6BBC} : DHCPNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dg\application data\mozilla\firefox\profiles\9znn2c3a.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\dg\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\dg\local settings\application data\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\dg\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2014-05-27 20:56; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\dg\application data\mozilla\firefox\profiles\9znn2c3a.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-5-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-5-27 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-5-27 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-5-27 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-27 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-5-27 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-27 50344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-4 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-4 857912]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2012-9-9 299024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-7 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-4 107736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz134;cpuz134;\??\c:\docume~1\dg\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\dg\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 ToolkitDisk;ToolkitDisk;c:\windows\system32\drivers\toolkitdisk.sys [2011-9-20 57152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-05-29 03:43:08 -------- d-----w- C:\Scan Logs 05-28-14
2014-05-29 02:46:37 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-29 02:45:39 -------- d-----w- C:\AdwCleaner
2014-05-28 01:07:40 -------- d-----w- c:\documents and settings\dg\application data\AVAST Software
2014-05-28 00:56:24 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-28 00:56:23 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-28 00:56:21 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-28 00:56:21 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-28 00:56:20 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-28 00:55:56 43152 ----a-w- c:\windows\avastSS.scr
2014-05-28 00:52:47 -------- d-----w- c:\program files\AVAST Software
2014-05-28 00:47:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2014-05-25 00:59:39 -------- d-----w- c:\documents and settings\dg\application data\HpUpdate
2014-05-25 00:58:59 -------- d-----w- c:\windows\Hewlett-Packard
2014-05-08 13:48:42 227704 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2014-05-04 11:46:20 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-04 11:44:47 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-04 11:44:47 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
.
==================== Find3M ====================
.
2014-05-29 01:34:46 1026 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2014-05-28 00:56:08 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1401238910703
2014-05-28 00:56:07 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1401238910703
2014-05-15 11:46:18 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 11:46:18 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-03 13:50:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-17 11:03:14 252288 ----a-r- c:\windows\system32\cpnprt2.cid
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ------w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 1:11:22.03 ===============
Last edited by Peter Macintosh; May 29th, 2014 at 02:09 AM.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|