
Maybe Virus, Maybe Not

This is a discussion on Maybe Virus, Maybe Not within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-06-2016, 07:41 PM   #1
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi! Since I still can't afford a new computer, I'm trying to keep this one going a bit. Yeah, I know it can't even accept Windows Updates anymore. But at least Avast still updates...most of the time. Recently Skype started opening by itself without anybody calling me.

So I've turned to you gents & ladies once again.

Anyway, the dds.txt log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.79.2
Run by Keith at 19:26:20 on 2016-07-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.343 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350322420296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: Interfaces\{F18B2DB3-2D9E-4C86-BBEB-8F3085474E3C} : NameServer = 77.234.40.79
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 222056]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-3-18 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 816304]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-17 438296]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-20 34008]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 91680]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-6-22 197128]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-6 54760]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-3-21 148016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-7-13 184592]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2012-6-13 54416]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2012-6-13 160272]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2012-6-13 160272]
R3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2012-6-13 11920]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2012-6-13 113680]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;"c:\program files\hp\common\hpsupportsolutionsframeworkservice.exe" --> c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-5-23 324224]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-5-8 25600]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [2014-7-14 35144]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2014-3-6 35256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [2010-10-7 19677]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2011-6-14 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2011-6-14 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2011-6-14 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2011-6-14 176384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
S4 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
.
=============== File Associations ===============
.
ShellExec: AvastSZB.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
ShellExec: Cdj.exe: null="c:\program files\padus\discjuggler\Cdj.exe"
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-06-24 04:19:10 -------- d-----w- c:\documents and settings\keith\local settings\application data\ESET
2016-06-24 03:32:55 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-24 03:30:23 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-24 01:55:47 -------- d-----w- C:\AdwCleaner
2016-06-22 18:16:23 -------- d-----w- c:\documents and settings\keith\local settings\application data\CEF
2016-06-22 17:54:59 921280 ----a-w- c:\windows\ucrtbase.dll
2016-06-22 17:54:43 53208 ----a-w- c:\windows\avastSS.scr
2016-06-14 22:05:44 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2016-06-22 17:54:54 91680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-22 17:54:54 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-22 17:54:54 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-22 17:54:54 222056 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-22 17:54:54 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-06-22 17:54:29 816304 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-06-22 17:54:29 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-06-18 02:37:55 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-06-18 02:37:54 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 02:35:09 9166528 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 19:27:12.54 ===============


And attached is the "attach" file.

Thanks for your help!
Attached Files
File Type: txt attach.txt (20.5 KB, 27 views)
 
Old 07-07-2016, 09:42 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Hi again, Keith. Since XP is no longer supported, you will always be susceptible to infection due to vulnerabilities that remain in the outdated OS.

Also, are you aware that your System Restore appears to be disabled? Did you intentionally disable it?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

Disable all antivirus and antispyware programs. Get help here

Double-click ComboFix.exe and follow the prompts to run it.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  • With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
  • It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**




ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:


  • Please click Yes to continue scanning for malware.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is normal.
  • When the tool is finished, it will produce a log for you.

Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 07-07-2016, 05:03 PM   #3
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello again!

Nice to see you and thanks as always for helping me out.

I did *not* disable System Restore but when I look at it under "My Computer", it seems to be on. I certainly would like it to be!

AdwCleaner didn't report any malicious files from "Scan" so I didn't have to press "Clean". However, here is the program's log so your wiser head can prevail over mine; just in case.

# AdwCleaner v5.201 - Logfile created 07/07/2016 at 16:29:35
# Updated 30/06/2016 by ToolsLib
# Database : 2016-06-14.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Keith - KIMBALL-PC
# Running from : C:\Documents and Settings\Keith\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1188 bytes] - [23/06/2016 19:00:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [1007 bytes] - [23/06/2016 18:57:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [953 bytes] - [07/07/2016 15:47:13]
C:\AdwCleaner\AdwCleaner[S3].txt - [875 bytes] - [07/07/2016 16:29:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [947 bytes] ##########

And now the Combofix Log:

ComboFix 16-06-30.01 - Keith 07/07/2016 16:41:15.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.536 [GMT -7:00]
Running from: c:\documents and settings\Keith\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2016-06-07 to 2016-07-07 )))))))))))))))))))))))))))))))
.
.
2016-06-24 04:19 . 2016-06-24 06:15 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\ESET
2016-06-24 03:32 . 2016-06-24 03:32 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-24 03:30 . 2016-06-24 03:30 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-24 01:55 . 2016-07-07 23:29 -------- d-----w- C:\AdwCleaner
2016-06-23 01:42 . 2016-06-23 01:42 -------- d-----w- c:\documents and settings\Lois\Local Settings\Application Data\CEF
2016-06-22 18:16 . 2016-06-22 18:16 -------- d-----w- c:\documents and settings\Keith\Local Settings\Application Data\CEF
2016-06-22 17:54 . 2016-06-22 17:54 921280 ----a-w- c:\windows\ucrtbase.dll
2016-06-22 17:54 . 2016-06-22 17:54 319248 ----a-w- c:\windows\system32\aswBoot.exe
2016-06-22 17:54 . 2016-06-22 17:54 53208 ----a-w- c:\windows\avastSS.scr
2016-06-21 19:22 . 2016-06-21 20:43 -------- d-----w- c:\documents and settings\Lois\Application Data\Skype
2016-06-14 22:05 . 2016-06-14 22:05 -------- d-----w- c:\program files\Common Files\Skype
2016-06-14 22:05 . 2016-06-21 19:22 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-05 04:45 . 2014-04-17 17:52 438296 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-06-22 17:54 . 2014-04-17 17:52 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-06-22 17:54 . 2015-07-14 03:04 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-06-22 17:54 . 2014-04-20 10:40 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-22 17:54 . 2014-04-17 17:52 91680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-22 17:54 . 2014-04-17 17:52 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-22 17:54 . 2014-04-17 17:52 222056 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-22 17:54 . 2014-04-17 17:52 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-06-22 17:54 . 2015-03-18 23:44 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-06-22 17:54 . 2014-04-17 17:52 816304 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-06-18 02:37 . 2013-02-05 18:22 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-06-18 02:37 . 2011-09-22 21:51 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 02:35 . 2016-03-25 01:34 9166528 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-06-22 17:54 831464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uploader"="c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-02-10 126056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-04-10 237568]
"nwiz"="nwiz.exe" [2009-07-06 1630208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-22 8897712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-06 13578240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Lois\Start Menu\Programs\Startup\
OpenOffice 4.0.1.lnk - c:\program files\OpenOffice 4\program\quickstart.exe [2015-10-21 117248]
OpenOffice 4.1.1.lnk - c:\program files\OpenOffice 4\program\quickstart.exe [2015-10-21 117248]
OpenOffice 4.1.2.lnk - c:\program files\OpenOffice 4\program\quickstart.exe [2015-10-21 117248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Keith^Start Menu^Programs^Startup^Seagate NA77HH4Z Product Registration.lnk]
path=c:\documents and settings\Keith\Start Menu\Programs\Startup\Seagate NA77HH4Z Product Registration.lnk
backup=c:\windows\pss\Seagate NA77HH4Z Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 02:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DBAgent]
2014-02-10 20:49 1519176 ----a-w- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 21:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Message Center 2]
2010-05-26 02:16 619008 ----a-w- c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-06 19:28 13578240 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 10:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2016-06-29 07:56 26424960 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-07-17 20:10 888832 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-15 11:41 1040384 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-04-11 01:44 271744 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Seagate Dashboard Services"=2 (0x2)
"Seagate MobileBackup Service"=2 (0x2)
"ACDaemon"=2 (0x2)
"wuauserv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [4/17/2014 10:52 AM 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [4/17/2014 10:52 AM 222056]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [3/18/2015 4:44 PM 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/17/2014 10:52 AM 816304]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [4/17/2014 10:52 AM 438296]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [4/20/2014 3:40 AM 34008]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/17/2014 10:52 AM 91680]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 5:48 PM 14624]
R2 VZWConfigService;VZW Config Service;c:\program files\Novatel Wireless\LTE Support\VZWMSConfig.exe [3/21/2011 12:41 PM 148016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [7/13/2015 8:04 PM 184592]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;"c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe" --> c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/23/2016 3:17 PM 324224]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [5/8/2009 6:15 PM 25600]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [7/14/2014 6:33 AM 35144]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [3/6/2014 4:42 PM 35256]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [10/7/2010 12:22 AM 19677]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [6/14/2011 6:47 PM 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [6/14/2011 6:47 PM 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [6/14/2011 6:47 PM 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [6/14/2011 6:47 PM 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [6/13/2012 3:07 PM 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [6/13/2012 3:07 PM 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [6/13/2012 3:07 PM 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [6/13/2012 3:07 PM 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [6/13/2012 3:07 PM 113680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [4/14/2010 8:29 PM 32408]
S4 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2/10/2014 1:50 PM 16000]
S4 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\Seagate\Seagate Dashboard 2.0\MobileService.exe [2/10/2014 1:51 PM 157264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-21 01:43 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-17 02:37]
.
2016-06-22 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-21 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-07-07 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-21 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-22 c:\windows\Tasks\At5.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-21 c:\windows\Tasks\At6.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-21 c:\windows\Tasks\At7.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-06-21 c:\windows\Tasks\At8.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-17 04:12]
.
2016-07-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-22 17:54]
.
2016-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-11 21:47]
.
2016-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-11 21:47]
.
2015-04-13 c:\windows\Tasks\Keith DBAgent 2 0.job
- c:\program files\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10 20:49]
.
2016-07-07 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
2016-04-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-06 01:59]
.
2016-07-07 c:\windows\Tasks\SafeZone scheduled Autoupdate 1460427312.job
- c:\program files\AVAST Software\SZBrowser\launcher.exe [2015-11-05 13:03]
.
2015-04-13 c:\windows\Tasks\Seagate_Install_Launch.job
- c:\program files\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10 20:50]
.
.
------- Supplementary Scan -------
.
TCP: Interfaces\{F18B2DB3-2D9E-4C86-BBEB-8F3085474E3C}: NameServer = 77.234.40.79
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2016-07-07 16:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1078081533-1844823847-1801674531-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
.
Completion time: 2016-07-07 16:53:17
ComboFix-quarantined-files.txt 2016-07-07 23:53
ComboFix2.txt 2016-07-07 23:13
ComboFix3.txt 2016-06-24 02:29
.
Pre-Run: 269,441,691,648 bytes free
Post-Run: 269,423,190,016 bytes free
.
- - End Of File - - 43F8852903F9FDCCC7D4A50DB98A1143
8F558EB6672622401DA993E1E865C861

Okay, ready for the next step.
KeithEKimball is offline  
Old 07-08-2016, 03:21 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keith. You're very welcome!

It appears you used msconfig to disable Skype, correct?

Please use msconfig to re-enable it, then run DDS again, and post the first log, DDS.txt, in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-10-2016, 07:12 PM   #5
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hello!

Say, I have Spyware Blaster and Avast...should I get rid of Spyware Blaster?

Anyway, as requested, I did indeed reenable Skype back into booting up with msconfig and reran DDS, here's the new DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.79.2
Run by Keith at 19:02:35 on 2016-07-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.448 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Updater\Updater.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1350322420296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: Interfaces\{F18B2DB3-2D9E-4C86-BBEB-8F3085474E3C} : NameServer = 77.234.40.79
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\49.0.2623.112\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-17 60424]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-17 222056]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2015-3-18 35096]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-4-17 816304]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-17 438296]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-20 34008]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-17 91680]
R2 avast! Antivirus;Avast Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2016-6-22 197128]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2012-3-6 54760]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2016-5-23 324224]
R2 VZWConfigService;VZW Config Service;c:\program files\novatel wireless\lte support\VZWMSConfig.exe [2011-3-21 148016]
R3 aswStmXP;Avast StreamFilter Driver;c:\windows\system32\drivers\aswStmXP.sys [2015-7-13 184592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;"c:\program files\hp\common\hpsupportsolutionsframeworkservice.exe" --> c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [?]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2009-5-8 25600]
S3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\drivers\aswTap.sys [2014-7-14 35144]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2014-3-6 35256]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [2010-10-7 19677]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\drivers\NWRmNet_001.sys [2011-6-14 287744]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\drivers\nwusbmdm_001.sys [2011-6-14 176384]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\drivers\nwusbser_001.sys [2011-6-14 176384]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2_001.sys [2011-6-14 176384]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2012-6-13 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2012-6-13 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2012-6-13 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2012-6-13 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2012-6-13 113680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
S4 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files\seagate\seagate dashboard 2.0\MobileService.exe [2014-2-10 157264]
.
=============== File Associations ===============
.
ShellExec: AvastSZB.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
ShellExec: Cdj.exe: null="c:\program files\padus\discjuggler\Cdj.exe"
ShellExec: SZBrowser.exe: open="c:\program files\avast software\szbrowser\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-07-07 22:50:53 98816 ----a-w- c:\windows\sed.exe
2016-07-07 22:50:53 256000 ----a-w- c:\windows\PEV.exe
2016-07-07 22:50:53 208896 ----a-w- c:\windows\MBR.exe
2016-06-24 04:19:10 -------- d-----w- c:\documents and settings\keith\local settings\application data\ESET
2016-06-24 03:32:55 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-24 03:30:23 121560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-06-24 01:55:47 -------- d-----w- C:\AdwCleaner
2016-06-22 18:16:23 -------- d-----w- c:\documents and settings\keith\local settings\application data\CEF
2016-06-22 17:54:59 921280 ----a-w- c:\windows\ucrtbase.dll
2016-06-22 17:54:43 53208 ----a-w- c:\windows\avastSS.scr
2016-06-14 22:05:44 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2016-06-22 17:54:54 91680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-06-22 17:54:54 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-06-22 17:54:54 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-06-22 17:54:54 222056 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2016-06-22 17:54:54 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-06-22 17:54:29 816304 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-06-22 17:54:29 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-06-18 02:37:55 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-06-18 02:37:54 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 02:35:09 9166528 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 19:03:25.53 ===============


Okay, ready!
KeithEKimball is offline  
Old 07-10-2016, 07:51 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keith. SpywareBlaster won't interfere with avast, if that's what you're asking.

Skype should not run on startup after this regfix. Let me know.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-

Save the file as fix.reg, choosing Save as type: All Files, then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Java(TM) 7 Update 79

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.
  • You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
  • Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
  • Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
  • At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
  • When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
  • Tick the option Enable detection of potentially unwanted applications
  • Click on Advanced settings
  • Make sure that the option Clean threats automatically is unticked.
  • Ensure these options are ticked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Click Scan
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Please copy/paste the contents of the log in your next reply.
  • To close ESET Online Scanner, select Do not clean then Finish
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
chemist is offline  
Old 07-11-2016, 10:35 PM   #7
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hullo!

Yeah, as to Spyware Blaster & Avast, I see a lot of posts showing how only one main antivirus software per computer is a good idea. So I wondered if I was violating that rule without meaning to. Sounds like I can just keep both.

When I first turned the computer on to check this board, though, I found a program on the start bar saying, "AmIcoSinglun". This was without having any external drives plugged in yet. Right or left clicking on the icon meant nothing to it.

So I went on to this board and did the regfix for Skype as suggested; no problems with that. Uninstalled Java, no problems there, and rebooted. The AmIcoSinglun finally disappeared. Java seemed to reinstall without problems.

Eset, after scanning all internal and external drives, didn't find ANY threats so I don't have the report for that. However, here is the MBAM log, and I will try surfing the web a bit to explore system behavior.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/11/2016
Scan Time: 6:32:10 PM
Logfile: MBAM Log.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.11.10
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Keith

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 445296
Time Elapsed: 1 hr, 29 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks again!
KeithEKimball is offline  
Old 07-12-2016, 08:15 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Keith. You're welcome. Let me know and I will give you some final instructions.

Yes, SpywareBlaster is not an antivirus so it won't interfere with avast!.

------------------------------------------------------

"AmIcoSinglun" is from Alcor Micro USB Card Reader, which is installed on your machine.

SystemLookup - Global Search

If you don't want AmIcoSinglun to open on startup, do this:

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun"=-

Save the file as fix.reg, choosing Save as type: All Files, then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------
chemist is offline  
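
Added example, not part of the thread and not code from DDS or any other tool named in it: the two regfixes above follow from the prefix on each autostart line in the DDS log, where the uRun entry was removed from the HKEY_CURRENT_USER Run key and the mRun entry from the HKEY_LOCAL_MACHINE Run key. The sketch below parses those lines and builds the matching REGEDIT4 removal text; the names `RunEntry`, `parse_run_entries` and `build_regfix` are hypothetical, and dRun is deliberately left unmapped because the thread does not show which key it corresponds to.

```python
import re
from collections import namedtuple

# Autostart lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r'''
uRun: [Uploader] c:\program files\seagate\seagate dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
'''

# Prefix -> registry key, limited to the two mappings the thread's regfixes show.
RUN_KEYS = {
    "uRun": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    "mRun": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
}

RunEntry = namedtuple("RunEntry", "tag name command image rooted")

LINE_RE = re.compile(r"^(?P<tag>[a-z]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first executable extension.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)
ROOTED_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")


def image_of(command):
    """Return the program part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    match = IMAGE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_run_entries(text):
    """Parse 'xRun: [name] command' lines from a DDS log into RunEntry tuples."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        image = image_of(match["cmd"])
        # rooted is False when the entry names a bare file that Windows
        # has to resolve through its search path.
        rooted = bool(ROOTED_RE.match(image))
        entries.append(RunEntry(match["tag"], match["name"], match["cmd"], image, rooted))
    return entries


def build_regfix(entries, names):
    """Build REGEDIT4 text that deletes the named Run values ("name"=-)."""
    wanted = {n.lower() for n in names}  # registry value names ignore case
    found, by_key = set(), {}
    for entry in entries:
        if entry.name.lower() not in wanted:
            continue
        key = RUN_KEYS.get(entry.tag)
        if key is None:
            raise ValueError(f"{entry.tag} [{entry.name}]: key not shown in the thread")
        by_key.setdefault(key, []).append(entry.name)
        found.add(entry.name.lower())
    missing = wanted - found
    if missing:
        raise ValueError(f"not in the log: {sorted(missing)}")
    out = ["REGEDIT4", ""]
    for key, values in by_key.items():
        out.append(f"[{key}]")
        for value in values:
            escaped = value.replace("\\", "\\\\").replace('"', '\\"')
            out.append(f'"{escaped}"=-')
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    parsed = parse_run_entries(SAMPLE_DDS)
    for e in parsed:
        print(f"{e.tag:5} {e.name:18} rooted={e.rooted!s:5} {e.image}")
    print(build_regfix(parsed, ["Skype"]))
```
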
Old 07-12-2016, 06:47 PM   #9
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi!

Great, I'll leave Spyware and AmIcoSinglun alone.

Well, I've been using this computer off and on during the last day and it seems okay now. No Skype opening, the computer runs faster, etc. Maybe we're in the clear now.
KeithEKimball is offline  
Old 07-12-2016, 11:01 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable avast! before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Scan ('Threat Scan' by default, or 'Scan Now' under the Dashboard tab) weekly.

Empty your Recycle Bin if it does not do so automatically.

----------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > https://windows.microsoft.com/en-us/w...ce-packs?os=xp

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.

    *Note*- By default, whenever ComboFix deletes any file, it replaces any Hosts file with the default Windows Hosts file. Therefore, you will once again need to replace the default Hosts file with the MVPS HOSTS file.

  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
    • Download Host.zip and Save it to your Desktop.
    • Right-click hosts.zip and select 'Extract all files' or 'Extract files...'.
    • Follow the prompts and click 'Finish'.
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 07-14-2016, 12:01 AM   #11
Registered Member
 
Join Date: Aug 2011
Posts: 127
OS: Windows XP



Hi!

Deleted/uninstalled everything per its individual instructions, yay!

Updated the HOSTS too.

I'll be donating something to Bleeping Computer. I know exactly how they feel; somebody trying to bully them!!

Anyway, thanks again for your aid; I'll mark this as a successful "closed topic".
KeithEKimball is offline  
Old 07-14-2016, 07:57 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Keith! Glad to have helped.

And thanks for the donation.
chemist is offline  
 

You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 02:11 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts