Suspected Various Malware Infections
64 Impala
2013-07-03, 19:49
Hi
This computer is showing an almost full Hard Disk, and I know that can cause problems. I am in the process of changing up to another computer and wish to ensure none of this stuff follows on to a Win 7 machine.
My computer has recently started exhibiting signs of a virus. Running Spybot, AVG Free antivirus and Malwarebytes Free has not revealed any problems at this time, but Spybot has removed problems recently.
In Firefox I'm getting Popups with "Oyodomo" and "Globalconsumersurvey" included in the URL, with IE I'm getting redirects that have "doubleclick" mentioned in the browsing history. In both I am getting words double underlined that when hovered over produce a popup.
DDS.TXT:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by My Dell at 10:03:02 on 2013-07-03
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.1682 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ww.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: RepliGoIEHelperCtl Class: {91DE4477-9CDC-4806-9BCB-28A963988E94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\toparcadehits\Toparcadehits.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mydell~1.del\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\my dell.dell-713227d0bd\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287422520338
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{1E24E7FC-B0E0-444F-86EA-C763C4CC3788} : DHCPNameServer = 192.168.1.254 75.153.176.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-05-31 13:50; toolbarbutton@obviousidea.us; c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\extensions\toolbarbutton@obviousidea.us
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2011-8-22 149376]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-24 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-6-18 103120]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-9 625304]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-8-15 45288]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-6-18 102448]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-6-18 174320]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-15 13464]
.
=============== Created Last 30 ================
.
2013-06-24 01:45:38 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 00:49:30 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\MetaGeek,_LLC
2013-06-24 00:32:30 -------- d-----w- c:\program files\MetaGeek
2013-06-24 00:17:04 -------- d-----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\TopArcadeHits
2013-06-18 22:14:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-06-09 01:59:48 -------- d-----w- c:\program files\iPod
2013-06-09 01:59:41 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-09 01:51:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-08 03:57:19 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2013-06-08 03:57:15 -------- d-----w- c:\program files\Spyware Terminator
2013-06-08 03:29:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
==================== Find3M ====================
.
2013-07-02 12:40:23 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-06-24 01:45:02 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 01:45:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-16 21:20:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-16 21:20:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-01 09:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 09:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 20:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:03:56.60 ===============
aswMBR Log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-03 10:10:17
-----------------------------
10:10:17.843 OS Version: Windows 5.1.2600 Service Pack 3
10:10:17.843 Number of processors: 2 586 0xF02
10:10:17.843 ComputerName: OLDGUY1 UserName: My Dell
10:10:18.843 Initialize success
10:18:43.140 AVAST engine defs: 13070300
10:18:49.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:18:49.421 Disk 0 Vendor: ST980825AS 8.04 Size: 76319MB BusType: 3
10:18:49.640 Disk 0 MBR read successfully
10:18:49.640 Disk 0 MBR scan
10:18:49.703 Disk 0 Windows XP default MBR code
10:18:49.703 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
10:18:49.734 Disk 0 scanning sectors +156296385
10:18:49.781 Disk 0 scanning C:\WINDOWS\system32\drivers
10:19:07.062 Service scanning
10:19:34.000 Modules scanning
10:19:48.062 Disk 0 trace - called modules:
10:19:48.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
10:19:48.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8add1ab8]
10:19:48.078 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\0000008d[0x8ae02f18]
10:19:48.078 5 ACPI.sys[b9e64620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae6e940]
10:19:48.718 AVAST engine scan C:\WINDOWS
10:19:53.343 AVAST engine scan C:\WINDOWS\system32
10:23:26.437 AVAST engine scan C:\WINDOWS\system32\drivers
10:23:49.765 AVAST engine scan C:\Documents and Settings\My Dell.DELL-713227D0BD
10:27:27.687 File: C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Computer Stuph\Fix it\dds.com **INFECTED** Win32:Malware-gen
10:28:54.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\MBR.dat"
10:28:54.500 The log file has been saved successfully to "C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\aswMBR.txt"
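One way to triage a DDS "Pseudo HJT Report" like the one above is to parse its BHO, TB and Run lines and group them by where each module loads from, since a browser helper object living under a user's profile directory (as the TopArcadeHits entry does) is worth a closer look than one under Program Files. The script below is an added example, not part of this thread or of the DDS tool; the sample lines are copied from the log above, and the location heuristics are assumptions for prioritising review, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: six lines copied from the "Pseudo HJT Report" section of the
# DDS log posted above. Raw strings keep the backslashes literal.
SAMPLE_LOG_LINES = [
    r"BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll",
    r"BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\toparcadehits\Toparcadehits.dll",
    r"TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll",
    r'uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true',
    r"mRun: [nwiz] nwiz.exe /installquiet",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
]

# BHO/TB lines: "<kind>: <display name>: {CLSID} - <module path>"
COM_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# Run-key lines: "uRun"/"mRun" = per-user / per-machine Run key, then "[value name] command"
RUN_RE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass
class Entry:
    kind: str      # BHO, TB, uRun or mRun
    name: str      # display name or Run value name
    path: str      # image/module path as written in the log
    location: str  # result of classify_path()


def command_image(cmd: str) -> str:
    """Extract the image path from a Run-key command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def classify_path(path: str) -> str:
    """Heuristic location class (assumption: XP-era layout, as in the log above)."""
    p = path.lower()
    if "\\documents and settings\\" in p or "\\docume~1\\" in p or "\\users\\" in p:
        return "user-profile"      # user-writable, no admin rights needed to drop a DLL here
    if "\\" not in p:
        return "unqualified"       # bare image name, resolved by the loader's search order
    if p.startswith(("c:\\program files", "c:\\progra~1")):
        return "program-files"
    if p.startswith("c:\\windows"):
        return "windows"
    return "other"


def parse_hjt(lines: List[str]) -> List[Entry]:
    """Parse BHO, TB, uRun and mRun lines; other DDS lines are ignored."""
    entries: List[Entry] = []
    for line in lines:
        m = COM_RE.match(line)
        if m:
            path = m.group("path").strip()
            entries.append(Entry(m.group("kind"), m.group("name"), path, classify_path(path)))
            continue
        m = RUN_RE.match(line)
        if m:
            path = command_image(m.group("cmd"))
            entries.append(Entry(m.group("kind"), m.group("name"), path, classify_path(path)))
    return entries


# Locations that a human analyst should look at first, with the reason shown to them.
REVIEW_REASON = {
    "user-profile": "loads from a user-writable profile directory; common for adware/PUP BHOs",
    "unqualified": "bare image name with no directory; resolved by the loader's search order",
    "other": "loads from outside Program Files and the Windows directory",
}


def flag_entries(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs for entries worth reviewing first."""
    return [(e, REVIEW_REASON[e.location]) for e in entries if e.location in REVIEW_REASON]


if __name__ == "__main__":
    for entry, why in flag_entries(parse_hjt(SAMPLE_LOG_LINES)):
        print(f"[{entry.kind}] {entry.name}: {entry.path}\n    -> {why}")
```

Against the sample, the TopArcadeHits BHO is flagged for loading from the user profile and the nwiz Run value for being an unqualified image name; the Program Files and Windows entries are left for later review.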
Hello 64 Impala,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear".
Important: All tools MUST be run from the Desktop.
=========================
1. Security Check
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================
2. ComboFix
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
=========================
In your next post please provide the following:
checkup.txt
ComboFix.txt
What symptoms are you experiencing?
64 Impala
2013-08-06, 09:19
Hello OCD
Thank you for taking on this task.
Please find attached the two results files you requested.
It has been some time since I posted my request and in that time I have deleted some curious add-ons from Firefox, so the system reflected in my original post may not be accurate now.
As for symptoms, I am no longer getting the double underlined words that when hovered over, pop up ads.
Tonight, however, a curious thing happened wherein a large number of windows (it appeared greater than 20) suddenly opened to all sorts of processes, hardware and software I did not recognise. It took a while to close them as initially the system stalled under the weight of them.
Regards
64 Impala
==========================
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
=======================
ComboFix 13-08-05.03 - My Dell 05/08/2013 23:46:21.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2166 [GMT -6:00]
Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\_r_a_p_.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits
c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\tah.config
c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll
c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
c:\documents and settings\My Dell.DELL-713227D0BD\WINDOWS
C:\install.exe
c:\windows\Fonts\MSMINCHO.TTF
c:\windows\Fonts\myriad.ttf
c:\windows\Fonts\myriadb.ttf
c:\windows\Fonts\myriadc.ttf
c:\windows\Fonts\MyriadWebPro-Bold.ttf
c:\windows\Fonts\MyriadWebPro-Condensed.ttf
c:\windows\Fonts\MyriadWebPro-CondensedIt.ttf
c:\windows\Fonts\MyriadWebPro-Italic.ttf
c:\windows\Fonts\MyriadWebPro.ttf
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\4fc942c6fe9907dd.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6b5b47d6f9d0ebe2.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-07-06 to 2013-08-06 )))))))))))))))))))))))))))))))
.
.
2013-08-05 16:11 . 2013-08-05 16:11 -------- d-----w- c:\windows\LastGood
2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-06 05:20 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 06:28 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"56338:UDP"= 56338:UDP:Color Network ScanGear
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
*Deregistered* - BASFND
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
.
2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
2013-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{C1C3E833-420E-4D78-9BA7-86AEBB272384} - c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\TopArcadeHits\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 23:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1160)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(1216)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2013-08-06 00:00:21
ComboFix-quarantined-files.txt 2013-08-06 06:00
.
Pre-Run: 3,582,365,696 bytes free
Post-Run: 3,883,110,400 bytes free
.
- - End Of File - - 879B3293C2233AD296F0F3605878952D
8F558EB6672622401DA993E1E865C861
Hi 64 Impala,
Please copy & paste all requested logs directly into your reply, do not attach them unless specifically asked to do so. Doing so requires us to download the file to view it which takes extra time. I appreciate your cooperation. :bigthumb:
=========================
1. Re-run DDS
Disable any script blocking protection (How to Disable your Security Programs (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html))
Right click and select "Run as Administrator"
Right click DDS icon to run the tool (may take up to 3 minutes to run)
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
=========================
In your next post please provide the following:
DDS.txt
How is the computer running at the moment?
64 Impala
2013-08-06, 20:38
OCD
Sorry about not reading the instructions fully.
Except for that weird thing yesterday I referred to in my last post, the computer seems to be running fine.
Another interesting thing is I see in the DDS.txt and in the Windows Security Alerts that AVG Firewall is "AVG Internet Security 2013 *Enabled*". The AVG interface is urging me to "activate now" insinuating that the firewall is not active. Am I misreading that, because other than the AVG interface, I have no idea how to deactivate the firewall.
Regards
64 Impala
Here is DDS.TXT...
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by My Dell at 11:00:16 on 2013-08-06
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2270 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cerience\RepliGo\RepliGoMon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ww.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: RepliGoIEHelperCtl Class: {91DE4477-9CDC-4806-9BCB-28A963988E94} - c:\program files\cerience\repligo\RepliGoIEHelper.dll
BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: &RepliGo: {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - c:\program files\cerience\repligo\RepliGoIEBar.dll
TB: PDFXChange 2012: {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - c:\program files\tracker software\pdf-xchange 5\PXCIEaddin5.dll
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [SlimDrivers] "c:\program files\slimdrivers\SlimDrivers.exe" -boot
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Document Manager] c:\program files\wave systems corp\services manager\docmgr\bin\docmgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [RepliGo Assistant] "c:\program files\cerience\repligo\RepliGoMon.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\stsystra.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
StartupFolder: c:\docume~1\mydell~1.del\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\my dell.dell-713227d0bd\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287422520338
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxps://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 75.153.176.1
TCP: Interfaces\{1E24E7FC-B0E0-444F-86EA-C763C4CC3788} : DHCPNameServer = 192.168.1.254 75.153.176.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\my dell.dell-713227d0bd\application data\mozilla\firefox\profiles\wh5e9l1s.default-1344572621156\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 39224]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [2011-8-22 149376]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 182072]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\53984\RapportCerberus32_53984.sys [2013-7-21 317424]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-7-16 103152]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2012-8-2 154624]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-2-9 625304]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-7-16 1124632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-8-15 45288]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-7-28 85768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-7-28 177800]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-7-16 102448]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-7-16 174320]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-8-15 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2013-08-06 05:43:04 98816 ----a-w- c:\windows\sed.exe
2013-08-06 05:43:04 256000 ----a-w- c:\windows\PEV.exe
2013-08-06 05:43:04 208896 ----a-w- c:\windows\MBR.exe
2013-08-06 05:42:54 -------- d--h--w- C:\ComboFix
2013-08-02 02:24:45 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2013-08-02 02:24:37 -------- d-----w- c:\program files\SpywareBlaster
2013-07-28 22:25:03 -------- dc----w- c:\documents and settings\my dell.dell-713227d0bd\local settings\application data\MigWiz
2013-07-28 21:55:25 -------- d-----w- c:\program files\Windows Easy Transfer 7
2013-07-28 21:43:58 -------- d-----w- c:\program files\Renesas Electronics
2013-07-28 21:43:20 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-07-18 04:39:51 -------- d-----w- c:\program files\Dude
2013-07-17 03:12:26 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2013-08-06 16:28:49 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-28 20:15:24 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 20:15:24 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-20 07:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 07:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 07:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 07:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 07:32:40 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-06-24 01:45:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 01:45:03 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45:02 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 01:45:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 05:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 06:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 11:07:18.20 ===============
Hi 64 Impala,
Another interesting thing is I see in the DDS.txt and in the Windows Security Alerts that AVG Firewall is "AVG Internet Security 2013 *Enabled*". The AVG interface is urging me to "activate now" insinuating that the firewall is not active. Am I misreading that, because other than the AVG interface, I have no idea how to deactivate the firewall.
You will need to go into the control panel of AVG and locate the Firewall settings to confirm that it is in fact enabled.
Tonight, however, a curious thing happened wherein a large number of windows (it appeared greater than 20) suddenly opened to all sorts of processes, hardware and software I did not recognise. It took a while to close them as initially the system stalled under the weight of them.
Does this continue to occur?
=========================
1. ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
DDS::
BHO: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - <orphaned>
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
2. Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Right click mbam-setup.exe and select "Run as Administrator" and follow the prompts to install the program.
At the end, be sure a check-mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
=========================
3. ESET Online Scanner
*Note:
It is recommended to disable your on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights; to do so, right click your browser's shortcut and select "Run as Administrator".
= = = = = = = = = = = = = = = = = = = =
Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)
(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply
Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.
=========================
In your next post please provide the following:
ComboFix.txt
MBAM log
ESET's log.txt
How's the computer running?
64 Impala
2013-08-07, 11:34
OCD
The computer seems to be running fine right now.
The multiple windows thing has not happened today.
Here are the files...
Regards
64 Impala
ComboFix...
ComboFix 13-08-05.03 - My Dell 06/08/2013 22:50:07.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2290 [GMT -6:00]
Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
.
.
2013-08-07 03:46 . 2013-08-07 03:46 -------- d-----w- c:\windows\LastGood
2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 03:46 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 06:28 . 2006-10-19 04:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"56338:UDP"= 56338:UDP:Color Network ScanGear
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
S4 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys [20/05/2012 12:04 55448]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
.
2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254 75.153.176.1
FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-06 23:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(4184)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-06 23:04:14
ComboFix-quarantined-files.txt 2013-08-07 05:04
ComboFix2.txt 2013-08-06 06:00
.
Pre-Run: 3,234,852,864 bytes free
Post-Run: 3,209,023,488 bytes free
.
- - End Of File - - 7A46458876F5E27D9BB54070ADF8C445
8F558EB6672622401DA993E1E865C861
MBAM...
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.07.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
My Dell :: OLDGUY1 [administrator]
06/08/2013 23:10:29
mbam-log-2013-08-06 (23-10-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 245120
Time elapsed: 9 minute(s), 5 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits (Adware.GameVance) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits\Play Toparcadehits Online.url (Adware.GameVance) -> Quarantined and deleted successfully.
C:\Documents and Settings\My Dell.DELL-713227D0BD\Start Menu\Programs\TopArcadeHits\Uninstall Toparcadehits.lnk (Adware.GameVance) -> Quarantined and deleted successfully.
(end)
ESETScan...
C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe Win32/DownloadAdmin.G application
C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe Win32/InstallMonetizer.AH application
Hi 64 Impala,
1. ComboFix Script
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the code-box below into it:
File::
C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe
C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
=========================
2. Disk Defragmenter for XP
Open My Computer.
Right-click the local disk volume that you want to defragment, and then click Properties.
On the Tools tab, click Defragment Now.
Click Defragment.
=========================
3. Security Check
Re-run Security Check by screen317.
In your next post please provide the following:
ComboFix.txt
checkup.txt
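The File:: script above was built by hand from the two lines of the ESET export posted earlier in the thread. The following is an added example (not code from the thread, ComboFix or ESET) that performs that same step programmatically: it parses the whitespace-separated "<path> <detection> <type>" layout the lines were posted in, and holds back anything under the Windows or Program Files directories for manual review rather than listing it for deletion, a rule that is this example's own, not ComboFix's.

```python
"""Turn ESET Online Scanner export lines into the File:: section of a
ComboFix CFScript.  Added example; it assumes the whitespace-separated
'<path> <detection> <type>' layout shown in the thread's ESET output."""
import re
from typing import List, NamedTuple, Optional, Tuple


class Detection(NamedTuple):
    path: str    # absolute Windows path of the flagged object
    threat: str  # ESET detection name, e.g. Win32/DownloadAdmin.G
    kind: str    # trailing object-type column as exported ("application" here)


# Windows paths never contain '/', while ESET names look like '<platform>/<family>',
# so the first slash-bearing token reliably marks where the space-laden path ends.
_LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+(?P<threat>[A-Za-z0-9]+/\S+)\s*(?P<kind>.*?)\s*$"
)

# Constructed sample input: the two ESETScan lines posted in the thread.
ESET_EXPORT_LINES = [
    r"C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe Win32/DownloadAdmin.G application",
    r"C:\Documents and Settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe Win32/InstallMonetizer.AH application",
]

# Locations where a blanket delete is unwise: anything here is held back for a
# human to look at instead of being written into File::. This is the example's
# own safety rule, not part of the CFScript format.
PROTECTED_PREFIXES = (r"c:\windows", r"c:\program files")


def parse_eset_line(line: str) -> Optional[Detection]:
    """Parse one export line; returns None for blank or unrecognised lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m.group("path"), m.group("threat"), m.group("kind"))


def parse_eset_export(lines) -> List[Detection]:
    """Parse a whole export, silently dropping lines that do not fit the layout."""
    parsed = [parse_eset_line(line) for line in lines]
    return [d for d in parsed if d is not None]


def split_for_review(detections) -> Tuple[List[Detection], List[Detection]]:
    """De-duplicate (case-insensitively, as NTFS paths are) and separate
    user-area files, which may go into File::, from protected-area files."""
    to_delete: List[Detection] = []
    to_review: List[Detection] = []
    seen = set()
    for d in detections:
        key = d.path.lower()
        if key in seen:
            continue
        seen.add(key)
        if key.startswith(PROTECTED_PREFIXES):
            to_review.append(d)
        else:
            to_delete.append(d)
    return to_delete, to_review


def build_cfscript(detections) -> str:
    """Render the File:: directive block in the layout used in the thread,
    one absolute path per line; empty string when nothing is deletable."""
    to_delete, _ = split_for_review(detections)
    if not to_delete:
        return ""
    return "File::\n" + "\n".join(d.path for d in to_delete) + "\n"


if __name__ == "__main__":
    found = parse_eset_export(ESET_EXPORT_LINES)
    for det in found:
        print(f"{det.threat:28} {det.kind:12} {det.path}")
    print(build_cfscript(found))
    _, held = split_for_review(found)
    for det in held:
        print("held for manual review:", det.path)
```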
64 Impala
2013-08-07, 23:50
OCD
I have run the defrag a number of times since you asked.
Info as requested...
Regards
64 Impala
Combofix...
ComboFix 13-08-05.03 - My Dell 07/08/2013 11:37:21.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3062.2310 [GMT -6:00]
Running from: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\cbsidlm-tr1_13-inSSIDer-ORG-10848357.exe"
"c:\documents and settings\My Dell.DELL-713227D0BD\Desktop\Cell Phones\Samsung Galaxy Ace Q\MyPhoneExplorer_Setup_1.8.4.exe"
.
.
((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
.
.
2013-08-07 16:56 . 2013-08-07 16:56 -------- d-----w- c:\windows\LastGood
2013-08-07 05:09 . 2013-08-07 05:09 -------- d-----w- C:\Malwarebytes
2013-08-02 02:24 . 2013-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-08-02 02:24 . 2013-08-02 02:25 -------- d-----w- c:\program files\SpywareBlaster
2013-07-28 22:25 . 2013-07-28 23:08 -------- dc----w- c:\documents and settings\My Dell.DELL-713227D0BD\Local Settings\Application Data\MigWiz
2013-07-28 21:55 . 2013-07-28 21:55 -------- d-----w- c:\program files\Windows Easy Transfer 7
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\program files\Renesas Electronics
2013-07-28 21:43 . 2013-07-28 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2013-07-18 04:39 . 2013-07-18 04:40 -------- d-----w- c:\program files\Dude
2013-07-17 03:12 . 2013-07-17 03:12 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 16:55 . 2012-08-15 17:12 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-07-28 20:15 . 2012-03-29 14:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-28 20:15 . 2011-05-29 18:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-20 07:51 . 2012-09-21 10:46 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 07:50 . 2012-10-22 20:02 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 07:50 . 2012-10-15 10:48 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 07:50 . 2012-10-02 10:30 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 07:32 . 2012-09-14 10:05 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-01 07:45 . 2012-10-05 10:32 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-06-24 01:45 . 2013-06-24 01:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-24 01:45 . 2013-06-24 01:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-24 01:45 . 2012-07-05 03:57 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-24 01:45 . 2010-11-20 05:02 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 05:55 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2006-03-04 03:33 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 10:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 10:00 1876736 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-12-21 01:19 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2013-03-29 29387072]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"nwiz"="nwiz.exe" [2007-11-17 1626112]
"NVHotkey"="nvHotkey.dll" [2007-11-17 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2012-08-15 2801664]
"RepliGo Assistant"="c:\program files\Cerience\RepliGo\RepliGoMon.exe" [2005-10-28 172032]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2000-01-01 1821576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2000-01-01 1313640]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
.
c:\documents and settings\My Dell.DELL-713227D0BD\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-8-25 192512]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Dude\\dude.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1121:TCP"= 1121:TCP:Akamai NetSession Interface
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"56338:UDP"= 56338:UDP:Color Network ScanGear
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 04:48 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 04:05 39224]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [22/08/2011 13:56 149376]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 14:02 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 04:45 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 04:30 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 04:46 182072]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [16/07/2013 21:12 103152]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [02/08/2012 19:30 154624]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [09/02/2013 14:21 625304]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [16/07/2013 21:12 1124632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 02:46 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 02:46 681056]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 02:30 15544]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [05/01/2012 09:42 75624]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [15/08/2012 11:16 45288]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [28/07/2013 15:44 85768]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [28/07/2013 15:44 177800]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [16/07/2013 21:12 102448]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [16/07/2013 21:12 174320]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [15/08/2012 11:12 13464]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 16:06 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BASFND
*Deregistered* - RapportIaso
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 20:15]
.
2013-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-03 04:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ww.google.ca/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\documents and settings\My Dell.DELL-713227D0BD\Application Data\Mozilla\Firefox\Profiles\wh5e9l1s.default-1344572621156\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-07 11:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4092416611-4004006793-4236126182-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1084)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(1140)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
- - - - - - - > 'explorer.exe'(5600)
c:\windows\system32\WININET.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-08-07 11:50:11
ComboFix-quarantined-files.txt 2013-08-07 17:50
ComboFix2.txt 2013-08-07 05:04
ComboFix3.txt 2013-08-06 06:00
.
Pre-Run: 3,134,537,728 bytes free
Post-Run: 3,107,352,576 bytes free
.
- - End Of File - - 2F9D69AC2AAF26C458B9B9A56E574508
8F558EB6672622401DA993E1E865C861
And Checkup...
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
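Added example (the editor's, not part of this thread and not a ComboFix feature): a short Python triage of the "Reg Loading Points" and driver/service sections in the log above. It picks out the load points a responder checks first: AppInit_DLLs (here wxvault.dll), any LSA authentication package beyond msv1_0 (here wvauth), a disabled firewall profile, ports opened to any source, drivers whose image ComboFix could not find on disk (the sptd line ends in [?]), and start-up images outside the Windows or Program Files trees. wxvault.dll and wvauth also appear loaded in winlogon.exe and lsass.exe further down the log, and the Wave Systems Corp EMBASSY software in the start-up list is consistent with both; the script flags them anyway because a DLL in those two load points should be confirmed by its signature and publisher, not by its name. The excerpt is constructed from lines in the posted log; the allow-listed path prefixes and the high/review labels are assumptions of this example, and every hit is a "verify this" item rather than a detection.

```python
"""Triage the 'Reg Loading Points' and driver/service sections of a ComboFix log.
Every hit is a *verify this* item, not a verdict: legitimate software uses the
same load points. Path allow-list and severity labels are this example's own."""
import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-12-21 11179720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys [21/07/2013 05:20 317424]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/09/2011 22:01 136176]
"""

# Assumption: images under these prefixes get no "unusual location" flag.
TRUSTED_PREFIXES = ("c:\\windows", "c:\\program files", "c:\\progra~1")

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')
LSA_RE = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$")
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


@dataclass
class Finding:
    severity: str   # "high" = load point to check first, "review" = look once
    where: str      # registry key or service name
    detail: str


def _trusted(path: str) -> bool:
    return path.strip().strip('"').lower().startswith(TRUSTED_PREFIXES)


def _split_value(rest: str):
    """Split 'value [meta]' or '"value" [meta]' into (value, meta)."""
    rest = rest.strip()
    m = re.match(r'^"([^"]*)"\s*(?:\[(.*)\])?$', rest) or re.match(r'^(.*?)\s*(?:\[(.*)\])?$', rest)
    return m.group(1), m.group(2)


def triage(text: str):
    findings, key = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = LSA_RE.match(line)
        if m:   # lsass.exe loads every listed package; msv1_0 is the Windows default
            for pkg in m.group(1).split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("high", key, f"non-default LSA authentication package {pkg}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            path = rest.split(" --> ")[0].rsplit(" [", 1)[0]
            if rest.endswith("[?]"):   # ComboFix could not find the image on disk
                findings.append(Finding("high", m.group("name"), f"{m.group('start')} entry whose image was not found: {path}"))
            elif not _trusted(path):
                findings.append(Finding("review", m.group("name"), f"{m.group('start')} image in an unusual location: {path}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, (value, _meta) = m.group("name"), _split_value(m.group("rest"))
        lowkey = key.lower()
        if name.lower() == "appinit_dlls" and value:
            findings.append(Finding("high", key, f"AppInit_DLLs={value} (loaded into every process that maps user32.dll)"))
        elif name.lower() == "enablefirewall" and value.startswith("0"):
            findings.append(Finding("high", key, "Windows Firewall disabled for this profile"))
        elif "globallyopenports" in lowkey:
            findings.append(Finding("review", key, f"inbound port open to any source: {value}"))
        elif lowkey.endswith(("\\run", "\\run-", "\\runonce")) and not _trusted(value):
            findings.append(Finding("review", key, f"Run entry {name} in an unusual location: {value}"))
    return findings


def counts(findings):
    """Findings per severity, e.g. {'high': 4, 'review': 3} for the excerpt."""
    out = {}
    for f in findings:
        out[f.severity] = out.get(f.severity, 0) + 1
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.where}: {f.detail}")
```

Run as-is it prints seven findings for the excerpt (four high, three review); to use it on a full log, pass the file contents to triage(). The "high" items are the ones to settle before calling a machine clean: AppInit_DLLs and LSA packages run inside every process or inside lsass.exe respectively, and a driver registered at boot whose file cannot be located deserves an explanation (an uninstalled product leaving a stale entry, or something hiding).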
Hi 64 Impala
Your hard drive is still showing signs of being quite fragmented. Please try this other defrag tool.
Auslogics Disk Defrag Free, download here (http://www.auslogics.com/en/downloads/disk-defrag/disk-defrag-setup.exe)
Install and run
Re-run Security Check when you are done and post a fresh checkup.txt
64 Impala
2013-08-08, 09:56
OCD; Hi...
I have run both the XP and Auslogics defraggers multiple times. It appears the Auslogics program picks away 2-8 files at a time, while the Windows program's colour bar is gradually turning blue, albeit very slowly.
I have run out of time tonight so here is the checkup file for you.
Btw, in one website I was on today I had the double underlined words that when hovered over produced a popup...
Regards
64 Impala
Checkup...
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Hi 64 Impala,
There doesn't appear to be any malware issues, just the large amount of fragmented files.
"Btw, in one website I was on today I had the double underlined words that when hovered over produced a popup..."
Which browser does this happen in?
=========================
If you haven't already done so, reboot your computer.
=========================
1. ATF Cleaner by Atribune
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.
Download - ATF Cleaner (http://forums.whatthetech.com/downloads.html&req=download&code=confirm_download&id=17)
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.
=========================
Re-run the Auslogic defragger and post a fresh Security Check log
64 Impala
2013-08-08, 19:22
Hello OCD
64 Impala
2013-08-08, 19:32
Hello OCD
The browser with the most recent popups was IE. I have both Firefox and IE on board, with IE now the default after these troubles started as it seemed less affected than Firefox.
When I ran ATF Cleaner, it cleaned stuff from Main, which I assume was IE. When I ran it for Firefox the message was similar to: "no files deleted"
After running ATF Cleaner the Auslogic program was able to fix a large number of files but the drive is still fragmented.
The checkup info is below...
Regards
64 Impala
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Hi 64 Impala,
OK, let's try a different approach.
=========================
1. Disk Management
Go to Start then to Run
Type in compmgmt.msc and click Enter
On left side click on Disk Management
On right side you will see you hard drive.
Now I need you to take a screenshot and attach it to your next reply.
Do the following to take a screenshot while the above is open and showing on your desktop.
=========================
2. Take a Screenshot
Press the Print Screen key on your keyboard. It is normally the key above your number pad, between the F12 key and the Scroll Lock key.
Now go to Start and then to All Programs
Scroll to Accessories and then click on Paint
In the empty white area, click once, then hold the CTRL key and press V.
Go to the File option at the top and click on Save as
Save as file type JPEG and save it to your Desktop
=========================
In your next post please provide the following:
Disk Management screenshot
64 Impala
2013-08-09, 03:28
OCD
Here's the screenshot...10869
Regards
64 Impala
Hi 64 Impala,
Thanks. Your hard drive has about 16% free space. Generally speaking you want to keep your hard drive at a minimum of 20% free space so the system isn't overtaxed.
You might try removing or moving (to an external drive) programs you no longer use to free up some space.
=========================
1. chkdsk scan
Click Start and My Computer.
Right-click the hard drive you want to check, and click Properties.
Select the Tools tab; in the Error Checking section click Check Now. Check both boxes. Click Start.
You'll get a message that the computer must be rebooted to run a complete check.
Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.
2. To view results log:
Go to Start - Run and type in eventvwr.msc, and hit enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.
=========================
In your next post please provide the following:
chkdsk log
64 Impala
2013-08-09, 07:23
OCD
Herewith the chkdsk log...
Regards
64 Impala
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 31/07/2013
Time: 08:36:06
User: N/A
Computer: OLDGUY1
Description:
Checking file system on C:
The type of the file system is NTFS.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
The multi-sector header signature for VCN 0x5 of index $I30
in file 0x89 is incorrect.
2e 00 64 00 6c 00 6c 00 0f e6 01 00 00 00 15 00 ..d.l.l.........
68 00 58 00 00 00 00 00 28 00 00 00 00 00 01 00 h.X.....(.......
Correcting error in index $I30 for file 137.
The index bitmap $I30 in file 0x89 is incorrect.
Correcting error in index $I30 for file 137.
The down pointer of current index entry with length 0xe8 is invalid.
a0 db 02 00 00 00 02 00 e8 00 ca 00 01 00 00 00 ................
89 00 00 00 00 00 01 00 a4 b2 27 8f cc 20 cc 01 ..........'.. ..
5c 14 09 a1 eb 2b cc 01 6a 91 61 32 1a 7e cc 01 \....+..j.a2.~..
6a 0b f6 28 e2 8b ce 01 00 00 00 00 00 00 00 00 j..(............
00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 ................
44 01 78 00 38 00 36 00 5f 00 4d 00 69 00 63 00 D.x.8.6._.M.i.c.
72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 56 00 r.o.s.o.f.t...V.
43 00 38 00 30 00 2e 00 43 00 52 00 54 00 5f 00 C.8.0...C.R.T._.
31 00 66 00 63 00 38 00 62 00 33 00 62 00 39 00 1.f.c.8.b.3.b.9.
61 00 31 00 65 00 31 00 38 00 65 00 33 00 62 00 a.1.e.1.8.e.3.b.
5f 00 38 00 2e 00 30 00 2e 00 35 00 30 00 37 00 _.8...0...5.0.7.
32 00 37 00 2e 00 35 00 35 00 39 00 32 00 5f 00 2.7...5.5.9.2._.
78 00 2d 00 77 00 77 00 5f 00 31 00 37 00 39 00 x.-.w.w._.1.7.9.
37 00 39 00 38 00 63 00 38 00 00 00 00 00 01 00 7.9.8.c.8.......
ff ff ff ff ff ff ff ff a2 44 00 00 00 00 01 00 .........D......
e8 00 ca 00 01 00 00 00 89 00 00 00 00 00 01 00 ................
Sorting index $I30 in file 137.
The multi-sector header signature for VCN 0x19 of index $I30
in file 0xff5 is incorrect.
67 00 32 00 64 00 61 00 74 00 61 00 2e 00 61 00 g.2.d.a.t.a...a.
78 00 00 00 00 00 03 00 25 8d 00 00 00 00 02 00 x.......%.......
The multi-sector header signature for VCN 0x16 of index $I30
in file 0xff5 is incorrect.
4c 00 00 00 00 00 02 00 93 b2 00 00 00 00 01 00 L...............
70 00 5a 00 00 00 00 00 28 00 00 00 00 00 01 00 p.Z.....(.......
The multi-sector header signature for VCN 0x17 of index $I30
in file 0xff5 is incorrect.
2e 00 65 00 78 00 65 00 59 68 01 00 00 00 19 00 ..e.x.e.Yh......
70 00 5a 00 00 00 00 00 28 00 00 00 00 00 01 00 p.Z.....(.......
Correcting error in index $I30 for file 4085.
The index bitmap $I30 in file 0xff5 is incorrect.
Correcting error in index $I30 for file 4085.
The down pointer of current index entry with length 0x70 is invalid.
23 0f 01 00 00 00 04 00 70 00 58 00 01 00 00 00 #.......p.X.....
f5 0f 00 00 00 00 01 00 00 51 4e c7 3d 89 cb 01 .........QN.=...
00 51 4e c7 3d 89 cb 01 3c 68 95 2f d2 ff cc 01 .QN.=...<h./....
1c 6d 52 57 f8 77 ce 01 00 b0 0d 00 00 00 00 00 .mRW.w..........
00 48 12 00 00 00 00 00 21 08 00 00 00 00 00 00 .H......!.......
0b 03 33 00 35 00 61 00 36 00 65 00 64 00 35 00 ..3.5.a.6.e.d.5.
2e 00 6d 00 73 00 70 00 ff ff ff ff ff ff ff ff ..m.s.p.........
7b 8b 02 00 00 00 06 00 70 00 58 00 01 00 00 00 {.......p.X.....
Sorting index $I30 in file 4085.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Recovering orphaned file 33d847.msp (2300) into directory file 4085.
Recovering orphaned file 3535383.msp (2509) into directory file 4085.
Recovering orphaned file 3871d96.msp (2794) into directory file 4085.
Recovering orphaned file 6f783a.msp (2951) into directory file 4085.
Recovering orphaned file 348b27.msi (4836) into directory file 4085.
Recovering orphaned file 7136fc.msi (8327) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474 (17236) into directory file 137.
Recovering orphaned file 35a6ee0.msp (29304) into directory file 4085.
Recovering orphaned file x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a (36581) into directory file 137.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd (37896) into directory file 137.
Recovering orphaned file 3535367.msp (39793) into directory file 4085.
Recovering orphaned file 353537c.msp (40009) into directory file 4085.
Recovering orphaned file 353538b.msp (40348) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca (42287) into directory file 137.
Recovering orphaned file 35c8ace.msp (43741) into directory file 4085.
Recovering orphaned file 3901191.msp (44044) into directory file 4085.
Recovering orphaned file 36a22e3.msi (45614) into directory file 4085.
Recovering orphaned file 386c715.msp (46924) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989 (49321) into directory file 137.
Recovering orphaned file 6df84b.msp (51522) into directory file 4085.
Recovering orphaned file 35ca968.msp (53482) into directory file 4085.
Recovering orphaned file 364f8.msp (56216) into directory file 4085.
Recovering orphaned file 36c8fb8.msp (57668) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd (61354) into directory file 137.
Recovering orphaned file 35a6eb0.msp (67895) into directory file 4085.
Recovering orphaned file 6c3437.msi (69205) into directory file 4085.
Recovering orphaned file 35a6ec5.msp (69295) into directory file 4085.
Recovering orphaned file 35a6ecd.msp (69379) into directory file 4085.
Recovering orphaned file 6f9c453.msi (71611) into directory file 4085.
Recovering orphaned file 717b2b9.msp (72542) into directory file 4085.
Recovering orphaned file 38f1ffc.msp (73820) into directory file 4085.
Recovering orphaned file 81c456.msp (74776) into directory file 4085.
Recovering orphaned file 3535c1e.msp (76078) into directory file 4085.
Recovering orphaned file 6cffb1b.msp (76548) into directory file 4085.
Recovering orphaned file 765aa5.msp (77466) into directory file 4085.
Recovering orphaned file 7df9b1.msp (78822) into directory file 4085.
Recovering orphaned file 7ab80.msp (79472) into directory file 4085.
Recovering orphaned file 34d6989.msp (82939) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b (84575) into directory file 137.
Recovering orphaned file 7c76a.msi (84614) into directory file 4085.
Recovering orphaned file 3661a56.msp (84832) into directory file 4085.
Recovering orphaned file 33c38d7.msp (85909) into directory file 4085.
Recovering orphaned file 34a1bd5.msp (87352) into directory file 4085.
Recovering orphaned file 709ff8.msp (90633) into directory file 4085.
Recovering orphaned file 388f187.msp (90641) into directory file 4085.
Recovering orphaned file 35a6ef5.msp (90973) into directory file 4085.
Recovering orphaned file 35a6f0a.msp (91697) into directory file 4085.
Recovering orphaned file 6b7d39.msp (91700) into directory file 4085.
Recovering orphaned file 35d84d4.msp (93396) into directory file 4085.
Recovering orphaned file 3540407.msp (94293) into directory file 4085.
Recovering orphaned file 347275d.msp (94687) into directory file 4085.
Recovering orphaned file 6b33e8.msp (99155) into directory file 4085.
Recovering orphaned file 3484e2a.msp (101693) into directory file 4085.
Recovering orphaned file 7353ed.msp (106994) into directory file 4085.
Recovering orphaned file 37f3f98.msp (107486) into directory file 4085.
Recovering orphaned file 6e4d4e.msp (108701) into directory file 4085.
Recovering orphaned file 36671ec.msp (109825) into directory file 4085.
Recovering orphaned file 7bb7e.msp (113611) into directory file 4085.
Recovering orphaned file 37b7c94.msp (115041) into directory file 4085.
Recovering orphaned file 362821c.msp (115432) into directory file 4085.
Recovering orphaned file 384ab78.msp (121414) into directory file 4085.
Recovering orphaned file 35a6f1f.msp (163534) into directory file 4085.
Recovering orphaned file 3901199.msp (166417) into directory file 4085.
Recovering orphaned file 39011ae.msp (166609) into directory file 4085.
Recovering orphaned file 39011c3.msp (166716) into directory file 4085.
Recovering orphaned file 352c282.msp (167704) into directory file 4085.
Recovering orphaned file 34268c3.msp (173261) into directory file 4085.
Recovering orphaned file 345aa42.msp (180963) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa (182090) into directory file 137.
Recovering orphaned file 35c8ac7.msp (184148) into directory file 4085.
Recovering orphaned file 359b29e.msp (186510) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c (187292) into directory file 137.
Recovering orphaned file 390118b.msi (194250) into directory file 4085.
Recovering orphaned file 3871d85.msp (205409) into directory file 4085.
Recovering orphaned file 3871d90.msp (208582) into directory file 4085.
Cleaning up 1763 unused index entries from index $SII of file 0x9.
Cleaning up 1763 unused index entries from index $SDH of file 0x9.
Cleaning up 1763 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
78148156 KB total disk space.
75877564 KB in 154481 files.
67368 KB in 14827 indexes.
0 KB in bad sectors.
542244 KB in use by the system.
65536 KB occupied by the log file.
1660980 KB available on disk.
4096 bytes in each allocation unit.
19537039 total allocation units on disk.
415245 allocation units available on disk.
Internal Info:
50 db 04 00 67 95 02 00 46 1f 04 00 00 00 00 00 P...g...F.......
8f 39 00 00 02 00 00 00 9c 0b 00 00 00 00 00 00 .9..............
00 c2 eb 0b 00 00 00 00 58 4e 22 aa 00 00 00 00 ........XN".....
e4 5f 3e 2d 00 00 00 00 00 00 00 00 00 00 00 00 ._>-............
00 00 00 00 00 00 00 00 1c fd 0c f2 00 00 00 00 ................
99 9e 36 00 00 00 00 00 78 35 07 00 71 5b 02 00 ..6.....x5..q[..
00 00 00 00 00 f0 32 17 12 00 00 00 eb 39 00 00 ......2......9..
Windows has finished checking your disk.
Please wait while your computer restarts.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
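Added example (the editor's, not from the thread): a Python parser for the chkdsk text that Winlogon event 1001 carries, pulling out the volume totals and the repairs made so they can be checked against the 20% free-space floor mentioned earlier in this thread. The sample is a trimmed copy of the event posted above. One caveat a responder would add: $I30 index repairs and orphaned files reattached to their directories are ordinary NTFS metadata damage, and nothing in chkdsk output distinguishes that from malware activity, so the parser reports them as disk-health items only.

```python
"""Parse the chkdsk text recorded in a Winlogon event 1001 (Application log)."""
import re
from dataclasses import dataclass, field

FREE_SPACE_FLOOR_PCT = 20.0   # the floor cited earlier in this thread

# Constructed sample: a trimmed copy of the event text posted above.
SAMPLE_EVENT = """\
Checking file system on C:
The type of the file system is NTFS.
Correcting error in index $I30 for file 137.
Correcting error in index $I30 for file 137.
Sorting index $I30 in file 137.
Correcting error in index $I30 for file 4085.
Correcting error in index $I30 for file 4085.
Sorting index $I30 in file 4085.
CHKDSK is recovering lost files.
Recovering orphaned file 33d847.msp (2300) into directory file 4085.
Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474 (17236) into directory file 137.
Recovering orphaned file 3871d90.msp (208582) into directory file 4085.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
78148156 KB total disk space.
75877564 KB in 154481 files.
0 KB in bad sectors.
1660980 KB available on disk.
"""

KB_RE = {
    "total_kb": re.compile(r"(\d+) KB total disk space"),
    "available_kb": re.compile(r"(\d+) KB available on disk"),
    "bad_sector_kb": re.compile(r"(\d+) KB in bad sectors"),
}
FILES_RE = re.compile(r"\d+ KB in (\d+) files")
ORPHAN_RE = re.compile(r"^Recovering orphaned file .+ into directory file (\d+)\.", re.M)
INDEX_FIX = "Correcting error in index $I30"
CORRECTED = "Windows has made corrections to the file system."


@dataclass
class ChkdskReport:
    total_kb: int = 0
    available_kb: int = 0
    bad_sector_kb: int = 0
    files: int = 0
    corrections_made: bool = False
    index_repairs: int = 0
    orphan_dirs: dict = field(default_factory=dict)  # directory file number -> count

    @property
    def orphans_recovered(self) -> int:
        return sum(self.orphan_dirs.values())

    @property
    def free_pct(self) -> float:
        return 100.0 * self.available_kb / self.total_kb if self.total_kb else 0.0


def parse_chkdsk(text: str) -> ChkdskReport:
    r = ChkdskReport()
    for name, rx in KB_RE.items():
        m = rx.search(text)
        if m:
            setattr(r, name, int(m.group(1)))
    m = FILES_RE.search(text)
    r.files = int(m.group(1)) if m else 0
    r.corrections_made = CORRECTED in text
    r.index_repairs = text.count(INDEX_FIX)
    for m in ORPHAN_RE.finditer(text):
        r.orphan_dirs[m.group(1)] = r.orphan_dirs.get(m.group(1), 0) + 1
    return r


def assess(r: ChkdskReport):
    """Disk-health notes only; none of these is evidence for or against malware."""
    notes = []
    if r.bad_sector_kb:
        notes.append(f"{r.bad_sector_kb} KB in bad sectors: image the drive before more repair passes")
    if r.corrections_made:
        notes.append(f"metadata repaired: {r.index_repairs} $I30 index fixes, "
                     f"{r.orphans_recovered} orphaned files reattached in {len(r.orphan_dirs)} directories")
    if r.free_pct < FREE_SPACE_FLOOR_PCT:
        notes.append(f"{r.free_pct:.1f}% free, below the {FREE_SPACE_FLOOR_PCT:.0f}% floor")
    return notes


if __name__ == "__main__":
    for note in assess(parse_chkdsk(SAMPLE_EVENT)):
        print("-", note)
```

On the posted event the numbers come out at about 2.1% free at the time chkdsk ran, well under the floor; the bad-sector line is the one to watch on an ageing drive, since a non-zero value there changes the plan from defragmenting to imaging.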
Hi 64 Impala,
Go ahead and defrag the computer again. Post a fresh Security Check log.
64 Impala
2013-08-09, 17:35
Morning OCD
I'm curious as to the status of my computer. Do you think I am now clear of any malware?
While I understand the importance of a defragmented hard drive, as I said in my initial post, I am in the process of upgrading to a Win 7 computer and wish to transfer my files over to it. Once I have done that I was going to wipe this hard drive and completely re-do it for another user in the family.
I was concerned that if there was any malware or virus embedded it would follow over to the new computer.
What are your thoughts?
The last Auslogic defrag sorted some 357 files...
Below the security check log...
Regards
64 Impala.
Results of screen317's Security Check version 0.99.71
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Hi 64 Impala,
While I understand the importance of a defragmented hard drive, as I said in my initial post, I am in the process of upgrading to a Win 7 computer and wish to transfer my files over to it. Once I have done that I was going to wipe this hard drive and completely re-do it for another user in the family.
Thank you for reminding me that you are going to be wiping the drive clean and doing a re-install after we are done. With that in mind, the remainder of the fragmented files aren't as much of a concern.
=========================
Your log appears to be clean.
We have a few items to take care of before we get to the All Clean Speech.
=========================
1. Uninstall Combofix
The following will implement important cleanup procedures as well as reset System Restore points:
Click on the Start button http://i1269.photobucket.com/albums/jj590/OCD-WTT/start.jpg and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/CFwindows-7-start-menu_zps188282d2.jpg
Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.
ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
=========================
2. You can now delete any tools and/or logs remaining on your desktop.
=========================
3. Disable Java in Web Browsers
There is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html
Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable1_zps19e32961.jpg
Disable Java through the Java Control Panel
In the Java Control Panel, click on the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart the browser for changes to take effect.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable2_zps5a2f5c6d.jpg
=========================
With the above items taken care of let's move on to the All Clean part of the process.
The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running, some or all of these may not pertain to you. Implement what you need.
This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
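The six Custom Level changes in the "Make your Internet Explorer more secure" steps above each correspond to a DWORD under the current user's Internet zone key, so they can be audited (and, if wanted, applied) without clicking through the dialog. The script below is an added example and not part of the original post or any tool it mentions. It assumes per-user zone settings under HKCU (zone 3 is the Internet zone), the value names and meanings documented in Microsoft KB 182569 (0 = Enable, 1 = Prompt, 3 = Disable), that the Security_HKLM_only policy is not in force (it would make HKLM authoritative), and a PowerShell 2.0 or later shell such as the one on the Win 7 machine the poster is moving to; the `-Apply` switch is this example's own.

```powershell
# Added example (not from the original thread): audit, and optionally apply, the six
# Internet Explorer "Internet zone" Custom Level settings recommended in the post by
# reading and writing the registry values behind the dialog.
# Assumptions: per-user settings under HKCU (zone 3 = Internet zone); value names and
# meanings per Microsoft KB 182569 (0 = Enable, 1 = Prompt, 3 = Disable); the
# Security_HKLM_only policy is not set. Run without -Apply to report only.
param([switch]$Apply)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Registry value -> setting in the Custom Level dialog -> level the post asks for.
$settings = @(
    @{ Value = '1001'; Name = 'Download signed ActiveX controls';                          Wanted = 1 },
    @{ Value = '1004'; Name = 'Download unsigned ActiveX controls';                        Wanted = 3 },
    @{ Value = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Wanted = 3 },
    @{ Value = '1800'; Name = 'Installation of desktop items';                             Wanted = 1 },
    @{ Value = '1804'; Name = 'Launching programs and files in an IFRAME';                 Wanted = 1 },
    @{ Value = '1607'; Name = 'Navigate sub-frames across different domains';              Wanted = 1 }
)

function Get-ZoneValue([string]$Name) {
    # $null when the value is absent (IE then falls back to the zone's template default).
    $item = Get-ItemProperty -Path $zoneKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { [int]$item.$Name } else { $null }
}

function Describe-Level($Level) {
    if ($Level -eq $null) { return '(not set)' }
    if ($label.ContainsKey([int]$Level)) { return $label[[int]$Level] }
    return "raw=$Level"
}

$weak = 0
foreach ($s in $settings) {
    $current = Get-ZoneValue $s.Value
    # Enable (0) < Prompt (1) < Disable (3): at or above the wanted level is acceptable,
    # so a user who already chose Disable where the post says Prompt is not flagged.
    $ok = ($current -ne $null) -and ($current -ge $s.Wanted)
    $status = if ($ok) { 'OK  ' } else { 'WEAK' }
    '{0} {1,-62} current={2,-9} wanted={3}' -f $status, $s.Name, (Describe-Level $current), $label[$s.Wanted]
    if (-not $ok) {
        $weak++
        if ($Apply) {
            Set-ItemProperty -Path $zoneKey -Name $s.Value -Value $s.Wanted -Type DWord
        }
    }
}

if ($Apply) { "Applied $weak change(s); restart Internet Explorer for them to take effect." }
else        { "$weak setting(s) weaker than recommended; re-run with -Apply to fix them." }
```

Running it before and after the manual steps is a quick way to confirm the dialog changes actually landed; note that a value that is absent is reported as "(not set)" rather than guessed, because IE then uses the zone template's default, which differs between the Medium and Medium-high templates.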
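The custom hosts file advice above comes with two practical checks that the post leaves implicit: a blocklist should only ever map names to a loopback or null address (anything else is a redirect, which is exactly the kind of hijack the poster reported), and the live hosts file on an infected machine deserves the same inspection before it is replaced. The script below is an added example, not part of the original post or of the MVPS instructions it points to. It assumes the downloaded file sits on the desktop as `hosts`, an elevated PowerShell 2.0 or later session, and that 0.0.0.0, 127.0.0.1 and ::1 are the only acceptable targets; the `-Install` switch and `Test-HostsFile` function are this example's own.

```powershell
# Added example (not from the original thread): inspect the live hosts file and a
# downloaded replacement for entries that point anywhere other than a local address,
# then (with -Install) swap the file in and disable the DNS Client service as the
# MVPS instructions require. Assumptions: candidate file on the desktop named "hosts";
# elevated shell; only 0.0.0.0, 127.0.0.1 and ::1 are legitimate blocklist targets.
param(
    [string]$Candidate = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'hosts'),
    [switch]$Install
)

$livePath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$allowed  = @('0.0.0.0', '127.0.0.1', '::1')

function Test-HostsFile([string]$Path) {
    $entries = 0
    $suspicious = @()
    foreach ($raw in (Get-Content -Path $Path)) {
        $line = ($raw -split '#', 2)[0].Trim()      # strip trailing comments
        if (-not $line) { continue }                 # blank or comment-only line
        $entries++
        $target = ($line -split '\s+')[0]            # first field is the address
        if ($allowed -notcontains $target) { $suspicious += $raw.Trim() }
    }
    New-Object PSObject -Property @{ Path = $Path; Entries = $entries; Suspicious = $suspicious }
}

# Live file first: a domain mapped to a non-local address here is a classic redirect hijack.
foreach ($r in (Test-HostsFile $livePath), (Test-HostsFile $Candidate)) {
    '{0}: {1} entries, {2} pointing at non-local addresses' -f $r.Path, $r.Entries, $r.Suspicious.Count
    $r.Suspicious | Select-Object -First 10 | ForEach-Object { "    $_" }
}

if ($Install) {
    $check = Test-HostsFile $Candidate
    if ($check.Suspicious.Count -gt 0) {
        throw 'Refusing to install: the candidate hosts file maps names to non-local addresses.'
    }
    Copy-Item -Path $livePath -Destination "$livePath.bak" -Force   # keep the original
    Copy-Item -Path $Candidate -Destination $livePath -Force
    # A hosts file with tens of thousands of entries makes the DNS Client (Dnscache)
    # service crawl, which is why the MVPS instructions say to disable it first.
    Set-Service -Name Dnscache -StartupType Disabled
    Stop-Service -Name Dnscache -Force
    'Installed; DNS Client service stopped and disabled.'
}
```

If the live file already shows non-local targets, those lines identify which sites were being redirected and are worth keeping (the `.bak` copy preserves them) before the clean list replaces them.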
64 Impala
2013-08-09, 20:59
OCD
I am having trouble finding the uninstall for combofix. The screenshot you have shown is for Win 7 I believe. The search function for XP did not reveal the uninstall and it is not in Control Panel.
Thanks
64 Impala
Hi 64 Impala,
OCD
I am having trouble finding the uninstall for combofix. The screenshot you have shown is for Win 7 I believe. The search function for XP did not reveal the uninstall and it is not in Control Panel.
I apologize for the confusion. Try this method instead.
1. Uninstall Combofix
The following will implement important cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bold text into the Run box and click OK:
ComboFix /Uninstall
(Note the space between the ..X and the /U, it needs to be there.)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/Combofix_uninstall_image.jpg
=========================
64 Impala
2013-08-09, 23:06
OCD
Thank you for all your help. Certainly a few lessons learned here! ...now we'll see if the experience is ingrained!
I have applied your "All Clean Speech" material to the new computer. Is your list of free anti-virus exhaustive, or is it merely some suggestions? I see AVG is not there despite it being recommended some years ago in other venues that I can't recall right now?
Once again, much appreciated...
Thank you
64 Impala
64 Impala
2013-08-09, 23:09
OCD
Donation made...
Regards
64 Impala
Hi 64 Impala,
Is your list of free anti-virus exhaustive, or is it merely some suggestions?
Just merely a few suggested free AVs. If you have used a different AV and found it worked well for you then by all means stick with it.
Thanks for your donation, the site appreciates your support and confidence in what we do.
You are very welcome, glad I was able to help. Have a nice day.