
Thread: Suspected Various Malware Infections

  1. #1
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Default Suspected Various Malware Infections

    Hi

    This computer is showing an almost full hard disk, and I know that can cause problems. I am in the process of changing up to another computer and wish to ensure none of this stuff follows on to a Win 7 machine.

    My computer has recently started exhibiting signs of a virus. Running Spybot, AVG Free antivirus and Malwarebytes Free has not revealed any problems at this time, but Spybot has removed problems recently.

    In Firefox I'm getting popups with "Oyodomo" and "Globalconsumersurvey" included in the URL; with IE I'm getting redirects that have "doubleclick" mentioned in the browsing history. In both I am getting words double-underlined that, when hovered over, produce a popup.

    DDS.TXT:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by My Dell at 10:03:02 on 2013-07-03
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.1682 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SlimDrivers\SlimDrivers.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ww.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: RepliGoIEHelperCtl Class: {91DE4477-9CDC-4806-9BCB-28A963988E94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
    BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\toparcadehits\Toparcadehits.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
    uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\mydell~1.del\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\my dell.dell-713227d0bd\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287422520338
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{1E24E7FC-B0E0-444F-86EA-C763C4CC3788} : DHCPNameServer = 192.168.1.254 75.153.176.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\windows\system32\wxvault.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2013-05-31 13:50; toolbarbutton@obviousidea.us; c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\extensions\toolbarbutton@obviousidea.us
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2011-8-22 149376]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 170808]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
    R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-24 317112]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-6-18 103120]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
    R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-9 625304]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-8-15 45288]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-6-18 102448]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-6-18 174320]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-15 13464]
    .
    =============== Created Last 30 ================
    .
    2013-06-24 01:45:38 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 01:45:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 00:49:30 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\MetaGeek,_LLC
    2013-06-24 00:32:30 -------- d-----w- c:\program files\MetaGeek
    2013-06-24 00:17:04 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\TopArcadeHits
    2013-06-18 22:14:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2013-06-09 01:59:48 -------- d-----w- c:\program files\iPod
    2013-06-09 01:59:41 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2013-06-08 03:57:19 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2013-06-08 03:57:15 -------- d-----w- c:\program files\Spyware Terminator
    2013-06-08 03:29:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
    .
    ==================== Find3M ====================
    .
    2013-07-02 12:40:23 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-06-24 01:45:02 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 01:45:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-16 21:20:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-16 21:20:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
    2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-05-01 09:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2013-05-01 09:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
    2013-04-04 20:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 10:03:56.60 ===============

    aswMBR Log:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-03 10:10:17
    -----------------------------
    10:10:17.843 OS Version: Windows 5.1.2600 Service Pack 3
    10:10:17.843 Number of processors: 2 586 0xF02
    10:10:17.843 ComputerName: OLDGUY1 UserName: My Dell
    10:10:18.843 Initialize success
    10:18:43.140 AVAST engine defs: 13070300
    10:18:49.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    10:18:49.421 Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
    10:18:49.640 Disk 0 MBR read successfully
    10:18:49.640 Disk 0 MBR scan
    10:18:49.703 Disk 0 Windows XP default MBR code
    10:18:49.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    10:18:49.734 Disk 0 scanning sectors +156296385
    10:18:49.781 Disk 0 scanning C:\WINDOWS\system32\drivers
    10:19:07.062 Service scanning
    10:19:34.000 Modules scanning
    10:19:48.062 Disk 0 trace - called modules:
    10:19:48.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    10:19:48.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8add1ab8]
    10:19:48.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8ae02f18]
    10:19:48.078 5 ACPI.sys[b9e64620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae6e940]
    10:19:48.718 AVAST engine scan C:\WINDOWS
    10:19:53.343 AVAST engine scan C:\WINDOWS\system32
    10:23:26.437 AVAST engine scan C:\WINDOWS\system32\drivers
    10:23:49.765 AVAST engine scan C:\Documents and Settings\My Dell.DELL-713227D0BD
    10:27:27.687 File: C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Computer Stuph\Fix it\dds.com **INFECTED** Win32:Malware-gen
    10:28:54.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\MBR.dat"
    10:28:54.500 The log file has been saved successfully to "C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\aswMBR.txt"
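An added example, not part of the DDS tool or of either poster's material: a small Python triage pass over the "Pseudo HJT Report" lines in a DDS log like the one above. It parses the BHO/TB/IE/Handler lines, the uRun/mRun commands (unwrapping rundll32 so the DLL named in the argument is what gets judged), AppInit_DLLs and the LSA line, and flags three things an analyst looks at first: any module loaded from a user-writable profile directory (the TopArcadeHits BHO and the DVDVideoSoft IE helper in this log), orphaned registrations and Run entries with no path (which resolve through the search order), and the early-load or credential-path extension points (AppInit_DLLs, LSA packages, Winlogon Notify, SSODL, SEH), which are listed for review regardless of path. The sample lines are a subset copied from the report; the profile-directory markers, the "always review" set and the severity labels are my own heuristics, not DDS output. For the two "review" hits here the process list shows Wave Systems software installed on this Dell, which is where a reviewer would start when checking wxvault.dll and wvauth.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log (added example).

Heuristics (assumptions, not DDS behaviour):
  * an add-on, Run key or extension whose module lives under a user
    profile directory is "high": vendors install under Program Files or
    system32, a per-user adware dropper usually cannot;
  * AppInit_DLLs, LSA packages, Winlogon Notify, SSODL and shell execute
    hooks are always listed for "review", wherever they load from;
  * orphaned registrations and path-less Run commands are "medium".
"""
import re
from dataclasses import dataclass

PROFILE_MARKERS = ("documents and settings", "\\users\\", "application data",
                   "local settings", "appdata", "\\temp\\")
ALWAYS_REVIEW = {"AppInit_DLLs", "LSA", "Notify", "SSODL", "SEH"}

RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[([^\]]+)\]\s*(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs=\s*(.*)$")
LINE_RE = re.compile(r"^(BHO|TB|IE|Handler|SSODL|SEH|Notify|LSA|DPF|"
                     r"StartupFolder|FF - ExtSQL): (.*)$")
CLSID_TAIL = re.compile(r":?\s*\{[0-9A-Fa-f-]{36}\}$")

# Constructed sample: a subset of the DDS lines posted above, plus one
# non-autostart line to show that unrelated lines are skipped.
SAMPLE = r"""
uStart Page = hxxp://ww.google.ca/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\toparcadehits\Toparcadehits.dll
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
IE: Free YouTube to MP3 Converter - c:\documents and settings\my dell.dell-713227d0bd\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
AppInit_DLLs= c:\windows\system32\wxvault.dll
LSA: Authentication Packages = msv1_0 wvauth
"""


@dataclass
class Finding:
    kind: str       # DDS line prefix, e.g. "BHO" or "mRun"
    name: str       # friendly name or registry value name
    target: str     # module or command the entry loads
    severity: str   # "high", "medium" or "review"
    reason: str


def executable_of(command: str) -> str:
    """Pull the module that actually runs out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        end = len(command) if end == -1 else end
        exe, rest = command[1:end], command[end + 1:].strip()
    else:
        exe, _, rest = command.partition(" ")
    # rundll32 persistence: the payload is the DLL named in the argument.
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def parse_line(line: str):
    """Return (kind, name, target) for one HJT-style line, or None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return m.group(1), m.group(2), executable_of(m.group(3))
    m = APPINIT_RE.match(line)
    if m:
        return "AppInit_DLLs", "AppInit_DLLs", m.group(1).strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "FF - ExtSQL":                    # "date; id; path"
        fields = [f.strip() for f in rest.split(";")]
        return kind, fields[1], fields[-1]
    if " - " not in rest and "=" in rest:        # "Authentication Packages = ..."
        name, _, target = rest.partition("=")
        return kind, name.strip(), target.strip()
    parts = [p.strip() for p in rest.split(" - ")]
    name = parts[0] if len(parts) > 1 else kind
    name = CLSID_TAIL.sub("", name) or parts[0]  # drop a trailing {CLSID}
    return kind, name, parts[-1]


def triage(report: str) -> list:
    """Run the heuristics over every line of the report; return the findings."""
    findings = []
    for raw in report.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        kind, name, target = parsed
        low = target.lower()
        if any(marker in low for marker in PROFILE_MARKERS):
            findings.append(Finding(kind, name, target, "high",
                            "module loads from a user-writable profile directory"))
        elif target == "<orphaned>":
            findings.append(Finding(kind, name, target, "medium",
                            "registration points to a module that no longer exists"))
        elif kind in ALWAYS_REVIEW:
            findings.append(Finding(kind, name, target, "review",
                            "early-load or credential-path extension point; confirm it is expected"))
        elif kind.startswith(("uRun", "mRun")) and "\\" not in target:
            findings.append(Finding(kind, name, target, "medium",
                            "unqualified executable name, resolved through the search path"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity:6}] {f.kind}: {f.name} -> {f.target}  ({f.reason})")
```

Run it on the full report text (everything between the "Pseudo HJT Report" header and the FIREFOX header) rather than the sample; the script only narrows the list, and a "high" hit still needs the file itself checked before anything is deleted.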

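A second added example, again not part of DDS or of the thread: clustering the "Created Last 30" timestamps into install sessions. Files and directories created within a few minutes of each other normally come from one installer run, so the neighbours of a known-bad directory show which download brought it in. In the log above the TopArcadeHits directory appears at 00:17:04 on 2013-06-24 and the two MetaGeek directories within the next half hour, while the Java files come an hour later; that is the question to put back to the user (what was downloaded that evening), not a conclusion about any one product. The sample is a subset of the posted lines and the 30-minute gap is an assumed threshold.

```python
"""Cluster the "Created Last 30" entries of a DDS log into install sessions
(added example; the session gap is an assumption, not a DDS feature)."""
import re
from datetime import datetime, timedelta

# "<date> <time> <size, or -------- for a directory> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([-a-zA-Z]{8})\s+(.+)$")

# Constructed subset of the "Created Last 30" section posted above.
SAMPLE = r"""
2013-06-24 01:45:38 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 00:49:30 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\MetaGeek,_LLC
2013-06-24 00:32:30 -------- d-----w- c:\program files\MetaGeek
2013-06-24 00:17:04 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\TopArcadeHits
2013-06-18 22:14:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
"""


def parse_entries(text: str) -> list:
    """Return (timestamp, path, is_directory) tuples, oldest first."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                       # headers, "." separators, blanks
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        entries.append((when, m.group(4), m.group(3).startswith("d")))
    return sorted(entries)                 # DDS prints newest first


def sessions(entries: list, gap: timedelta = timedelta(minutes=30)) -> list:
    """Split a sorted entry list wherever two creations are more than `gap` apart."""
    groups = []
    for entry in entries:
        if groups and entry[0] - groups[-1][-1][0] <= gap:
            groups[-1].append(entry)
        else:
            groups.append([entry])
    return groups


def session_of(groups: list, needle: str) -> list:
    """Paths created in the same session as the first path containing `needle`."""
    needle = needle.lower()
    for group in groups:
        if any(needle in path.lower() for _, path, _ in group):
            return [path for _, path, _ in group]
    return []


if __name__ == "__main__":
    for path in session_of(sessions(parse_entries(SAMPLE)), "toparcadehits"):
        print(path)
```

The same parser works on the Find3M section, whose lines have the same shape; ComboFix's "Files Created" block uses a different layout (creation and modification times separated by a dot) and would need its own pattern.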
  2. #2
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hello 64 Impala,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear".

    Important: All tools MUST be run from the Desktop.

    =========================

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =========================


    2. ComboFix

    Refer to the ComboFix User's Guide

    • Download ComboFix from the following location:

      Link

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
      You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply.

      Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

      ---------------------------------------------------------------------------------------------
    • Ensure your AntiVirus and AntiSpyware applications are re-enabled.
      ---------------------------------------------------------------------------------------------

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    =========================

    In your next post please provide the following:

    • checkup.txt
    • ComboFix.txt
    • What symptoms are you experiencing?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #3
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Default

    Hello OCD

    Thank you for taking on this task.

    Please find attached the two results files you requested.

    It has been some time since I posted my request and in that time I have deleted some curious add-ons from Firefox, so the system reflected in my original post may not be accurate now.

    As for symptoms, I am no longer getting the double underlined words that when hovered over, pop up ads.

    Tonight, however, a curious thing happened: a large number of windows (it appeared to be more than 20) suddenly opened to all sorts of processes, hardware and software I did not recognise. It took a while to close them, as initially the system stalled under the weight of them.

    Regards

    64 Impala

    ==========================

    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Mozilla Firefox (22.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    =======================

    ComboFix 13-08-05.03 - My Dell 05/08/2013 23:46:21.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2166 [GMT -6:00]
    Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\_r_a_p_.tmp
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
    c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits
    c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\tah.config
    c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll
    c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
    c:\documents and settings\My Dell.DELL-713227D0BD\WINDOWS
    C:\install.exe
    c:\windows\Fonts\MSMINCHO.TTF
    c:\windows\Fonts\myriad.ttf
    c:\windows\Fonts\myriadb.ttf
    c:\windows\Fonts\myriadc.ttf
    c:\windows\Fonts\MyriadWebPro-Bold.ttf
    c:\windows\Fonts\MyriadWebPro-Condensed.ttf
    c:\windows\Fonts\MyriadWebPro-CondensedIt.ttf
    c:\windows\Fonts\MyriadWebPro-Italic.ttf
    c:\windows\Fonts\MyriadWebPro.ttf
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\4fc942c6fe9907dd.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6b5b47d6f9d0ebe2.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-08-05 16:11 . 2013-08-05 16:11 -------- d-----w- c:\windows\LastGood
    2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
    2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
    2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
    2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
    2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-06 05:20 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-09 06:28 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 1626112]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    .
    c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wxvault.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dude\\dude.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    "c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1121:TCP"= 1121:TCP:Akamai NetSession Interface
    "1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "56338:UDP"= 56338:UDP:Color Network ScanGear
    "86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
    R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
    R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
    S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BASFND
    *Deregistered* - BASFND
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
    .
    2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ww.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
    FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-05 23:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1160)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(1216)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    Completion time: 2013-08-06 00:00:21
    ComboFix-quarantined-files.txt 2013-08-06 06:00
    .
    Pre-Run: 3,582,365,696 bytes free
    Post-Run: 3,883,110,400 bytes free
    .
    - - End Of File - - 879B3293C2233AD296F0F3605878952D
    8F558EB6672622401DA993E1E865C861
    Last edited by OCD; 2013-08-06 at 16:12. Reason: copy & pasted logs into thread

  4. #4
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi 64 Impala,

    Please copy & paste all requested logs directly into your reply, do not attach them unless specifically asked to do so. Doing so requires us to download the file to view it which takes extra time. I appreciate your cooperation.

    =========================

    1. Re-run DDS
    • Disable any script blocking protection (How to Disable your Security Programs)
      Right click and select "Run as Administrator"
    • Right click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.

    =========================


    In your next post please provide the following:

    • DDS.txt
    • How is the computer running at the moment?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  5. #5
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Default

    OCD

    Sorry about not reading the instructions fully.

    Except for that weird thing yesterday I referred to in my last post, the computer seems to be running fine.

    Another interesting thing is I see in the DDS.txt and in the Windows Security Alerts that AVG Firewall is "AVG Internet Security 2013 *Enabled*". The AVG interface is urging me to "activate now" insinuating that the firewall is not active. Am I misreading that, because other than the AVG interface, I have no idea how to deactivate the firewall.

    Regards

    64 Impala

    Here is DDS.TXT...

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by My Dell at 11:00:16 on 2013-08-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2270 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files\SlimDrivers\SlimDrivers.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Wave Systems Corp\Common\DataServer.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ww.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: RepliGoIEHelperCtl Class: {91DE4477-9CDC-4806-9BCB-28A963988E94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
    BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
    TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
    uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
    StartupFolder: c:\docume~1\mydell~1.del\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with &Media Finder - c:\program files\media finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\my dell.dell-713227d0bd\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
    DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287422520338
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254 75.153.176.1
    TCP: Interfaces\{1E24E7FC-B0E0-444F-86EA-C763C4CC3788} : DHCPNameServer = 192.168.1.254 75.153.176.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\windows\system32\wxvault.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 wvauth
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2011-8-22 149376]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
    R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\53984\RapportCerberus32_53984.sys [2013-7-21 317424]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-7-16 103152]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
    R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-9 625304]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-7-16 1124632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-8-15 45288]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-7-28 85768]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-7-28 177800]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-7-16 102448]
    S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-7-16 174320]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-15 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2013-08-06 05:43:04 98816 ----a-w- c:\windows\sed.exe
    2013-08-06 05:43:04 256000 ----a-w- c:\windows\PEV.exe
    2013-08-06 05:43:04 208896 ----a-w- c:\windows\MBR.exe
    2013-08-06 05:42:54 -------- d--h--w- C:\ComboFix
    2013-08-02 02:24:45 -------- d-----w- c:\documents and settings\all users\application data\Licenses
    2013-08-02 02:24:37 -------- d-----w- c:\program files\SpywareBlaster
    2013-07-28 22:25:03 -------- dc----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\MigWiz
    2013-07-28 21:55:25 -------- d-----w- c:\program files\Windows Easy Transfer 7
    2013-07-28 21:43:58 -------- d-----w- c:\program files\Renesas Electronics
    2013-07-28 21:43:20 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
    2013-07-18 04:39:51 -------- d-----w- c:\program files\Dude
    2013-07-17 03:12:26 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    ==================== Find3M ====================
    .
    2013-08-06 16:28:49 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-07-28 20:15:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-28 20:15:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-20 07:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 07:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 07:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 07:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 07:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-06-24 01:45:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 01:45:03 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 01:45:02 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 01:45:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-08 05:55:44 385024 ------w- c:\windows\system32\html.iec
    2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-09 06:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
    .
    ============= FINISH: 11:07:18.20 ===============

  6. #6
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi 64 Impala,

    Another interesting thing is I see in the DDS.txt and in the Windows Security Alerts that AVG Firewall is "AVG Internet Security 2013 *Enabled*". The AVG interface is urging me to "activate now" insinuating that the firewall is not active. Am I misreading that, because other than the AVG interface, I have no idea how to deactivate the firewall.
    You will need to go into the control panel of AVG and locate the Firewall settings to confirm that it is in fact enabled.

    Tonight, however, a curious thing happened wherein a large number of windows (it appeared greater than 20) suddenly opened to all sorts of processes, hardware and software I did not recognise. It took a while to close them as initially the system stalled under the weight of them.
    Does this continue to occur?

    =========================

    1. ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the code-box below into it:


    Code:
    DDS::
    BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>
    
    ClearJavaCache::

    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    =========================

    2. Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Right-click mbam-setup.exe and select "Run as Administrator" and follow the prompts to install the program.
    • At the end, be sure a check-mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.



    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

    =========================

    3. ESET Online Scanner

    *Note:
    • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
    • Please don't go surfing while your resident protection is disabled!
    • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

    ** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

    = = = = = = = = = = = = = = = = = = = =

    Go here to run ESET Online Scanner

    (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
    • Click Start
    • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
    • Click Scan.
    • Wait for the scan to finish.
    • When the scan completes, click List of found threats.
    • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
    • Include the contents of this report in your next reply.

      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.

    =========================

    In your next post please provide the following:

    • ComboFix.txt
    • MBAM log
    • ESET's log.txt
    • How's the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  7. #7
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Default

    OCD

    The computer seems to be running fine right now.

    The multiple windows thing has not happened today.

    Here are the files...

    Regards

    64 Impala

    ComboFix...

    ComboFix 13-08-05.03 - My Dell 06/08/2013 22:50:07.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2290 [GMT -6:00]
    Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\CFScript.txt
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-08-07 03:46 . 2013-08-07 03:46 -------- d-----w- c:\windows\LastGood
    2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
    2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
    2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
    2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
    2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-07 03:46 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
    2013-05-09 06:28 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 1626112]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    .
    c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wxvault.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dude\\dude.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    "c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1121:TCP"= 1121:TCP:Akamai NetSession Interface
    "1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "56338:UDP"= 56338:UDP:Color Network ScanGear
    "86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
    R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
    R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
    S4 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [20/05/2012 12:04 55448]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BASFND
    *NewlyCreated* - RAPPORTIASO
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
    .
    2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ww.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
    FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-06 23:00
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1084)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(1140)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    - - - - - - - > 'explorer.exe'(4184)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\program files\SugarSync\SugarSyncShellExt.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-08-06 23:04:14
    ComboFix-quarantined-files.txt 2013-08-07 05:04
    ComboFix2.txt 2013-08-06 06:00
    .
    Pre-Run: 3,234,852,864 bytes free
    Post-Run: 3,209,023,488 bytes free
    .
    - - End Of File - - 7A46458876F5E27D9BB54070ADF8C445
    8F558EB6672622401DA993E1E865C861


    MBAM...

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.07.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    My Dell :: OLDGUY1 [administrator]

    06/08/2013 23:10:29
    mbam-log-2013-08-06 (23-10-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 245120
    Time elapsed: 9 minute(s), 5 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.

    Files Detected: 2
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.

    (end)


    ESETScan...

    C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe Win32/DownloadAdmin.G application
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe Win32/InstallMonetizer.AH application

  8. #8
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi 64 Impala,

    1. ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the code-box below into it:


    Code:
    File::
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe
    C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe
    Save this as CFScript.txt, in the same location as ComboFix.exe




    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, please post the C:\ComboFix.txt for further review.

    =========================

    2. Disk Defragmenter for XP

    • Open My Computer.
    • Right-click the local disk volume that you want to defragment, and then click Properties.
    • On the Tools tab, click Defragment Now.
    • Click Defragment.

    =========================

    3. Security Check

    Re-run Security Check by screen317.

    In your next post please provide the following:

    • ComboFix.txt
    • checkup.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  9. #9
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Default

    OCD

    I have run the defrag a number of times since you asked.

    Info as requested...

    Regards

    64 Impala

    Combofix...

    ComboFix 13-08-05.03 - My Dell 07/08/2013 11:37:21.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2310 [GMT -6:00]
    Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\CFScript.txt
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    FILE ::
    "c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe"
    "c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2013-08-07 16:56 . 2013-08-07 16:56 -------- d-----w- c:\windows\LastGood
    2013-08-07 05:09 . 2013-08-07 05:09 -------- d-----w- C:\Malwarebytes
    2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
    2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
    2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
    2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
    2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
    2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-07 16:55 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
    2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
    2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
    "SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
    "nwiz"="nwiz.exe" [2007-11-17 1626112]
    "NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
    "Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
    "RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    "NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    .
    c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\wxvault.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 wvauth
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dude\\dude.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    "c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
    "c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1121:TCP"= 1121:TCP:Akamai NetSession Interface
    "1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "56338:UDP"= 56338:UDP:Color Network ScanGear
    "86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
    R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
    R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
    S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
    S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
    S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
    S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - BASFND
    *Deregistered* - RapportIaso
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
    .
    2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
    .
    2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ww.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-08-07 11:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1084)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\System32\BCMLogon.dll
    .
    - - - - - - - > 'lsass.exe'(1140)
    c:\windows\system32\wxvault.dll
    c:\windows\system32\detoured.dll
    c:\windows\system32\wvauth.dll
    c:\windows\system32\biolsp.dll
    .
    - - - - - - - > 'explorer.exe'(5600)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\program files\SugarSync\SugarSyncShellExt.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2013-08-07 11:50:11
    ComboFix-quarantined-files.txt 2013-08-07 17:50
    ComboFix2.txt 2013-08-07 05:04
    ComboFix3.txt 2013-08-06 06:00
    .
    Pre-Run: 3,134,537,728 bytes free
    Post-Run: 3,107,352,576 bytes free
    .
    - - End Of File - - 2F9D69AC2AAF26C458B9B9A56E574508
    8F558EB6672622401DA993E1E865C861


    And Checkup...

    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Mozilla Firefox (22.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

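    The ComboFix log above carries the settings a helper reads off by eye: the firewall policy section ("EnableFirewall"= 0, which the Security Check echoes as "Windows Firewall Disabled!"), the AppInit_DLLs value, the globally open ports, and the Run keys. As an added example (not part of this thread and not ComboFix's own code) here is a small Python triage that extracts those items from a ComboFix-style excerpt. The sample text is constructed from lines of the same shape as the posted log, and the choice of which sections to flag is this example's own assumption about what a reviewer wants summarised first.

```python
"""Triage a ComboFix-style log excerpt for weak-configuration indicators.

Added example, not from the forum thread or from ComboFix. SAMPLE_LOG is
constructed from lines of the kind ComboFix prints; the set of checks
(firewall off, AppInit_DLLs populated, open ports, Run entries) is an
assumption about what a log reviewer wants pulled out first.
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
"""


@dataclass
class Triage:
    firewall_disabled: bool = False
    appinit_dlls: list = field(default_factory=list)   # DLLs loaded into every user-mode process
    open_ports: list = field(default_factory=list)     # (port, proto, description)
    run_entries: list = field(default_factory=list)    # (hive, value name, command)


_FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
_APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
_RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"')


def triage_combofix(text: str) -> Triage:
    """Walk the log once, tracking the current [section] header, and collect findings."""
    result = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with a lone "."
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()     # registry paths in the log vary in case
            continue
        if section.endswith(r"firewallpolicy\standardprofile"):
            m = _FW_RE.match(line)
            if m and int(m.group(1)) == 0:
                result.firewall_disabled = True
        elif section.endswith(r"globallyopenports\list"):
            m = _PORT_RE.match(line)
            if m:
                result.open_ports.append((int(m.group(1)), m.group(2), m.group(3).strip()))
        elif section.endswith(r"currentversion\windows"):
            m = _APPINIT_RE.match(line)
            if m:
                # AppInit_DLLs is a space- or comma-separated list; an empty value means unset
                result.appinit_dlls.extend(p for p in re.split(r"[,\s]+", m.group(1).strip()) if p)
        elif section.endswith(r"currentversion\run"):
            m = _RUN_RE.match(line)
            if m:
                hive = section.split("\\")[0]
                result.run_entries.append((hive, m.group(1), m.group(2)))
    return result


def report(t: Triage) -> list:
    """Render the findings as one line each, most severe first."""
    lines = []
    if t.firewall_disabled:
        lines.append("Windows Firewall (standard profile) is disabled")
    for dll in t.appinit_dlls:
        lines.append(f"AppInit_DLLs loads {dll} into every user-mode process; confirm it is expected")
    for port, proto, desc in t.open_ports:
        lines.append(f"Globally open port {port}/{proto}: {desc}")
    for hive, name, cmd in t.run_entries:
        lines.append(f"Autostart ({hive}) {name}: {cmd}")
    return lines


if __name__ == "__main__":
    for line in report(triage_combofix(SAMPLE_LOG)):
        print(line)
```

The parser keys every check off the trailing part of the section header rather than the full path, so the abbreviated `HKLM\~\services\...` form ComboFix uses and the spelled-out `HKEY_LOCAL_MACHINE\...` form are handled the same way; the disabled-entries key `run-` deliberately does not match the Run check.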
  10. #10
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi 64 Impala

    Your hard drive is still showing signs of being quite fragmented. Please try this other Defrag tool.

    Auslogics Disk Defrag Free, download here

    Install and run

    Re-run Security Check when you are done and post a fresh checkup.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
