Ukash Metropolitan Police virus [Solved]

#16 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
OK, now I would like you to try and run ComboFix again for me.

Gringo

#17 ChrisCart (Topic Starter, Member, 21 posts)
Below is the file from RogueKiller. Will run ComboFix again.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Remove -- Date : 05/15/2013 09:13:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM080II +++++
--- User ---
[MBR] e3437b4a272c0b0757afd7c1b1137c75
[BSP] 0865dbc3033a5b0d1557ae0b87d99f0b : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 160650 | Size: 69437 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 142368030 | Size: 2047 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 146560995 | Size: 4753 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05152013_02d0913.txt >>
RKreport[1]_S_05152013_02d0908.txt ; RKreport[2]_D_05152013_02d0913.txt
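The MBR section of the RogueKiller report above (a hash of the boot sector, then the four partition-table entries with their type byte, offset and size) is what a bootkit check comes down to: the partition table is user-visible data, the 446 bytes in front of it are code that runs before Windows, and a bootkit rewrites the latter while leaving the former alone so the machine still boots. The Python below is an added example, not RogueKiller's code and not part of the thread. It parses a 512-byte MBR, prints the partition table the way the report does, and keeps separate MD5 digests of the boot-code area and of the table so a later read can be classified against a baseline taken while the disk was known clean. The sector it parses is constructed here from the offsets in the report: the sector counts are assumptions back-computed from the gaps between those offsets (the last one taken as exactly 4753 MiB), the boot-code bytes are a placeholder, and the digests are of the raw sector bytes rather than whatever RogueKiller hashes, so they will not match the report's `[MBR]` and `[BSP]` values.

```python
"""Parse an MBR partition table and fingerprint the boot code for baseline comparison.

Added example, not RogueKiller's code. The sample sector is constructed from the
offsets in the report above; the sector counts are assumptions back-computed from them.
"""
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446      # partition table: 4 entries of 16 bytes, then the 0x55AA signature
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Type bytes seen in the report, labelled the way RogueKiller labels them.
PART_TYPES = {0x07: "NTFS", 0x0F: "EXTEN-LBA", 0xDE: "DELL-UTIL"}

# (active, type byte, first LBA, sector count) for the four partitions in the report.
# Counts are assumptions: the gap to the next partition's offset, and 4753 MiB exactly
# for the last one. Constructed input, not a real disk read.
SAMPLE_PARTS = [
    (False, 0xDE, 63, 160587),
    (True, 0x07, 160650, 142207380),
    (False, 0x0F, 142368030, 4192965),
    (False, 0xDB, 146560995, 9734144),
]
PLACEHOLDER_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb"  # stand-in bytes, not real MBR code


def build_mbr(parts, boot_code=PLACEHOLDER_BOOT_CODE):
    """Assemble a 512-byte sector from (active, type, lba_start, lba_count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(parts):
        # status, CHS start (3 bytes, zeroed), type, CHS end (3 bytes, zeroed), LBA start, LBA count
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + i * ENTRY_LEN,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty partition entries in the shape RogueKiller prints them."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector, TABLE_OFFSET + i * ENTRY_LEN)
        if ptype == 0:
            continue                       # unused slot
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "label": PART_TYPES.get(ptype, "UNKNOWN"),
            "offset_sectors": start,
            "size_mib": count * SECTOR_SIZE // (1024 * 1024),
        })
    return entries


def fingerprint(sector):
    """MD5 of the boot-code area and of the partition table, kept separately."""
    return {
        "code_md5": hashlib.md5(sector[:TABLE_OFFSET]).hexdigest(),
        "table_md5": hashlib.md5(sector[TABLE_OFFSET:510]).hexdigest(),
    }


def compare_to_baseline(sector, baseline):
    """Classify a fresh read against a fingerprint() taken when the disk was known clean."""
    now = fingerprint(sector)
    changed = [k for k in ("code_md5", "table_md5") if now[k] != baseline[k]]
    if not changed:
        return "unchanged"
    if changed == ["code_md5"]:
        return "boot code rewritten, partition table intact"   # the bootkit pattern
    if changed == ["table_md5"]:
        return "partition table changed, boot code intact"     # repartitioning, or a hidden partition
    return "boot code and partition table both changed"


if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_PARTS)
    for e in parse_mbr(mbr):
        print("%d - [%s] %s (0x%02x) Offset (sectors): %d | Size: %d Mo" % (
            e["index"], "ACTIVE" if e["active"] else "XXXXXX", e["label"],
            e["type"], e["offset_sectors"], e["size_mib"]))
    print(fingerprint(mbr))
```

On a live machine the sector would come from reading the first 512 bytes of `\\.\PhysicalDrive0` with administrator rights; parsing and comparison are unchanged. Hashing the code area separately from the table is the useful part: a whole-sector digest only says "changed", while the split tells you whether it was the boot code (suspicious) or the table (often a legitimate repartition) that moved.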

#18 ChrisCart (Topic Starter, Member, 21 posts)
Running ComboFix; getting error message "Error opening file for writing: C:\32788R22FWJFW\pev.3XE", with the options to Abort, Retry or Ignore.

#19 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Ignore and see if it progresses.

#20 ChrisCart (Topic Starter, Member, 21 posts)
Log file from ComboFix below. Without delving in too deeply, the computer would seem to be running as it was before the infection (if not slightly quicker).

ComboFix 13-05-14.01 - Chris 15/05/2013 10:17:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1146 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4d4f44db-c9f0-4cc8-a32f-e98ea4fff68d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c0ff87a7-2f82-4d5e-8d0f-38cbd0c2f4d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\caf72ad2-a222-415c-a303-8ca35e466713.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
c:\windows\$NtUninstallKB13358$\3945849596
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
c:\documents and settings\Chris\Application Data\Adobe\plugs
c:\documents and settings\Chris\Application Data\Adobe\shed
c:\documents and settings\Chris\Application Data\PriceGong
c:\documents and settings\Chris\WINDOWS
c:\program files\Internet Explorer\SET68F.tmp
c:\program files\Internet Explorer\SET690.tmp
c:\program files\searchresults1\toOLbar2x.dll
c:\windows\$NtUninstallKB13358$
c:\windows\$NtUninstallKB13358$\667620325\@
c:\windows\$NtUninstallKB13358$\667620325\Desktop.ini
c:\windows\$NtUninstallKB13358$\667620325\L\00000004.@
c:\windows\$NtUninstallKB13358$\667620325\L\201d3dde
c:\windows\$NtUninstallKB13358$\667620325\L\pdmzmplg
c:\windows\$NtUninstallKB13358$\667620325\U\00000004.@
c:\windows\$NtUninstallKB13358$\667620325\U\00000008.@
c:\windows\$NtUninstallKB13358$\667620325\U\000000cb.@
c:\windows\$NtUninstallKB13358$\667620325\U\80000000.@
c:\windows\$NtUninstallKB13358$\667620325\U\80000032.@
c:\windows\system32\config\systemprofile\8012031.exe
c:\windows\system32\SET130.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET205.tmp
c:\windows\system32\SET206.tmp
c:\windows\system32\SET222.tmp
c:\windows\system32\SET224.tmp
c:\windows\system32\SET232.tmp
c:\windows\system32\SET23F.tmp
c:\windows\system32\SET240.tmp
c:\windows\system32\SET249.tmp
c:\windows\system32\SET24C.tmp
c:\windows\system32\SET254.tmp
c:\windows\system32\SET27E.tmp
c:\windows\system32\SET682.tmp
c:\windows\system32\SET683.tmp
c:\windows\system32\SET685.tmp
c:\windows\system32\SET686.tmp
c:\windows\system32\SET687.tmp
c:\windows\system32\SET68A.tmp
c:\windows\system32\SET68B.tmp
c:\windows\system32\SET68C.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MSHOST_MANAGER
.
.
((((((((((((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 )))))))))))))))))))))))))))))))
.
.
2013-05-15 07:25 . 2013-05-15 07:25 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-15 02:54 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-05-15 02:50 . 2013-05-15 02:50 -------- d-----w- C:\_OTL
2013-05-12 09:27 . 2013-05-12 09:27 -------- d-----w- c:\windows\Microsoft Antimalware
2013-04-28 17:41 . 2013-04-28 17:41 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Redlynx
2013-04-28 17:37 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2013-04-28 17:36 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-04-28 17:36 . 2013-04-28 17:36 -------- d-----w- c:\program files\OpenAL
2013-04-28 17:36 . 2013-04-28 17:36 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-28 17:36 . 2013-04-28 17:36 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-28 17:36 . 2013-04-28 17:36 -------- d-----w- c:\program files\Trials 2 Second Edition
2013-04-25 18:41 . 2008-04-14 04:42 10752 ------w- c:\windows\system32\smtpapi.dll
2013-04-25 18:41 . 2008-04-14 04:42 9728 ------w- c:\windows\system32\rwnh.dll
2013-04-25 18:41 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2013-04-25 18:41 . 2007-04-02 23:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-04-25 18:41 . 2007-04-02 23:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-04-25 18:41 . 2007-04-02 23:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-04-25 18:41 . 2008-04-14 04:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-04-25 18:41 . 2008-04-14 04:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-04-25 18:41 . 2008-04-14 04:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-04-25 18:41 . 2007-04-02 23:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-04-25 18:40 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp
2013-04-25 18:21 . 2013-04-25 18:56 -------- d-----w- C:\328562c906c870eeac9003
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Inspector
2013-04-25 15:42 . 2013-04-25 15:42 -------- d-----w- c:\program files\Driver Inspector
2013-04-25 13:01 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\Chris\Application Data\Dell
2013-04-25 13:00 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2013-04-25 12:59 . 2013-04-25 13:35 -------- d-----w- c:\program files\Dell Support Center
2013-04-25 12:56 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\Chris\Application Data\PCDr
2013-04-25 12:51 . 2013-04-25 12:54 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Deployment
2013-04-16 21:20 . 2013-04-16 21:20 -------- d-----w- c:\documents and settings\Chris\Application Data\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 08:10 . 2012-05-06 19:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-17 08:10 . 2012-05-06 19:35 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2007-11-10 21:28 . 2007-11-10 21:28 5822168 ----a-w- c:\program files\Firefox Setup 2.0.0.9.exe
2013-04-16 20:26 . 2013-04-16 20:25 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-02 4780928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-10-19 17875120]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-14 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1411" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-19 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 07:30 35552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 07:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 02:14 164832]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:51 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 05:47 98304]
R2 Apache2.2;Apache2.2;c:\program files\Xampp\xampp\apache\bin\httpd.exe [26/02/2010 16:23 29416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [16/11/2012 00:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 14:05 196664]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 04:40 118784]
S1 bhif686;bhif686;c:\windows\system32\drivers\bhif686.sys --> c:\windows\system32\drivers\bhif686.sys [?]
S1 mde67b2;mde67b2;c:\windows\system32\drivers\mde67b2.sys --> c:\windows\system32\drivers\mde67b2.sys [?]
S2 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 17:14 160944]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [17/08/2011 09:06 21520]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [29/12/2011 17:24 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [29/12/2011 17:25 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 20:55]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 20:55]
.
2010-09-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 16:09]
.
2013-04-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-25 22:00]
.
2013-03-21 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-09 17:36]
.
2013-01-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-09 17:36]
.
2013-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1381835960-4241067638-2893470200-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1381835960-4241067638-2893470200-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-11 c:\windows\Tasks\ReclaimerUpdateFiles_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-05-06 c:\windows\Tasks\ReclaimerUpdateXML_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-05-15 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-01-08 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-09 09:26]
.
2013-05-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-25 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=5sxu-Yd7mgSBD2KFFJOxaT8vSTs
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\xnu0xw4p.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-04-22 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-38529753.sys
SafeBoot-79202367.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-15 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4728)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\netprovcredman.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Xampp\xampp\mysql\bin\mysqld.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2013-05-15 10:50:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-15 09:50
.
Pre-Run: 21,072,261,120 bytes free
Post-Run: 21,011,357,696 bytes free
.
- - End Of File - - DBD00D5C0B47CCC18996C5102F98EB65

#21 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello ChrisCart

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
bhif686
mde67b2

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#22
ChrisCart

ChrisCart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Gringo

I checked out many of the tasks I would normally run on the computer and they are running really fast. The laptop is quite old but it is like it is new again. A problem I have had for two years has been that it would not read USB drives unless I plugged them in and then rebooted. This has been resolved and transferring data is much quicker. What a bonus!

Currently running Combofix and will post logfile once complete. Combofix asked to update when it started up which I did.

Can't thank you enough for all your help so far.

Chris
  • 0

#23
ChrisCart

ChrisCart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
After "Completed Stage 5" pev.3XE error message "The instruction at 0x00b9ac48 referenced memory at 0x00b9ac48. The memory could not be written." Options to OK to terminate or Cancel to debug program. Combofix is continuing to run so have not selected an option yet.
  • 0

#24
ChrisCart

ChrisCart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Combofix logfile below. The error pop up mentioned in my last post removed itself.




ComboFix 13-05-15.01 - Chris 16/05/2013 7:03.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1134 [GMT 1:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\0d85b53c-d766-4bf0-8940-17b534910268.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\16837627-a839-41c5-a88f-3a0335128383.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\493f295d-1a46-46f6-926c-63b474cedab4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\4d4f44db-c9f0-4cc8-a32f-e98ea4fff68d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\59abf7b9-a4a7-4d76-9ad6-13c7bb2f4d0b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\813755dc-2229-47a2-b85b-19d0aaa641c9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\872965c7-08b7-47fc-a74c-ff167590b71a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\a9de0c84-9a7c-4638-9653-13aa8cf56e80.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ae67b364-b69e-471e-b177-2459120b84d4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b2152f30-7380-4987-8fcf-e4c06952615d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b4cc2a4a-87f5-49cd-935c-18f1a80e65b7.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bbfa36b0-30b0-4e36-8d8c-69df1d87626b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bc6fc708-5b6b-4a72-b336-09b3089baa7a.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c0ff87a7-2f82-4d5e-8d0f-38cbd0c2f4d1.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\c4211805-b43b-471d-81af-4e0589f8607b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\caf72ad2-a222-415c-a303-8ca35e466713.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\cdda52ec-6ccd-425a-8c72-b7bbdc8b3acd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\d34c0cf7-889f-43dd-9283-b2b6f442aae3.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\daf30858-49d8-434b-b4b1-068b5dc9267c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\dfc97e68-74cd-4807-807f-ac146d81ec5d.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e45cd45a-4d7c-4802-881f-74582b847e5c.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\ef78c3e8-1d94-4219-8070-7617e119bba4.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f04a4d58-1eb6-4e35-b4b4-db6bab11e49b.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f06c5597-1a85-4d1f-ac16-a6fdd2a6bedc.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f80d4ad1-1fad-43b5-b6f3-347848b5ddd5.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll
c:\documents and settings\All Users\Application Data\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bhif686
-------\Service_mde67b2
.
.
((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))
.
.
2013-05-15 07:25 . 2013-05-15 07:25 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-15 02:54 . 2011-07-13 02:55 2237440 ----a-r- C:\OTLPE.exe
2013-05-15 02:50 . 2013-05-15 02:50 -------- d-----w- C:\_OTL
2013-05-12 09:27 . 2013-05-12 09:27 -------- d-----w- c:\windows\Microsoft Antimalware
2013-04-28 17:41 . 2013-04-28 17:41 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Redlynx
2013-04-28 17:37 . 2007-10-12 14:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2013-04-28 17:36 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2013-04-28 17:36 . 2013-04-28 17:36 -------- d-----w- c:\program files\OpenAL
2013-04-28 17:36 . 2013-04-28 17:36 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-28 17:36 . 2013-04-28 17:36 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-28 17:36 . 2013-04-28 17:36 -------- d-----w- c:\program files\Trials 2 Second Edition
2013-04-25 18:41 . 2008-04-14 04:42 10752 ------w- c:\windows\system32\smtpapi.dll
2013-04-25 18:41 . 2008-04-14 04:42 9728 ------w- c:\windows\system32\rwnh.dll
2013-04-25 18:41 . 2008-04-14 04:41 81920 ------w- c:\windows\system32\ieencode.dll
2013-04-25 18:41 . 2007-04-02 23:12 1327320 ------w- c:\program files\MSN\msncorefiles\install\msnsusii.exe
2013-04-25 18:41 . 2007-04-02 23:04 884712 ------w- c:\program files\MSN\msncorefiles\install\msn9components\digcore.exe
2013-04-25 18:41 . 2007-04-02 23:09 11053008 ------w- c:\program files\MSN\msncorefiles\install\msn9components\msncli.exe
2013-04-25 18:41 . 2008-04-14 04:40 966656 ------w- c:\program files\MSN\msncorefiles\oobe\obemetal.dll
2013-04-25 18:41 . 2008-04-14 04:40 86016 ------w- c:\program files\MSN\msncorefiles\oobe\obepopc.dll
2013-04-25 18:41 . 2008-04-14 04:40 229376 ------w- c:\program files\MSN\msncorefiles\oobe\obelog.dll
2013-04-25 18:41 . 2007-04-02 23:14 77824 ------w- c:\program files\MSN\msncorefiles\oobe\obemtllc.dll
2013-04-25 18:40 . 2006-12-28 23:31 19569 ----a-w- c:\windows\000001_.tmp
2013-04-25 18:21 . 2013-04-25 18:56 -------- d-----w- C:\328562c906c870eeac9003
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\PC_Drivers_Headquarters
2013-04-25 15:44 . 2013-04-25 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Inspector
2013-04-25 15:42 . 2013-04-25 15:42 -------- d-----w- c:\program files\Driver Inspector
2013-04-25 13:01 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\Chris\Application Data\Dell
2013-04-25 13:00 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PCDr
2013-04-25 12:59 . 2013-04-25 13:35 -------- d-----w- c:\program files\Dell Support Center
2013-04-25 12:56 . 2013-04-25 13:01 -------- d-----w- c:\documents and settings\Chris\Application Data\PCDr
2013-04-25 12:51 . 2013-04-25 12:54 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Deployment
2013-04-16 21:20 . 2013-04-16 21:20 -------- d-----w- c:\documents and settings\Chris\Application Data\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 08:10 . 2012-05-06 19:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-17 08:10 . 2012-05-06 19:35 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2007-11-10 21:28 . 2007-11-10 21:28 5822168 ----a-w- c:\program files\Firefox Setup 2.0.0.9.exe
2013-04-16 20:26 . 2013-04-16 20:25 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-02 4780928]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-10-19 17875120]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-05-21 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-05-21 1202448]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 842584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTSVolFE.exe"="c:\program files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 57344]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-14 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1411" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-19 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-10 6144]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 07:30 35552]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [11/03/2012 13:48 56208]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 07:23 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 02:14 164832]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [15/12/2011 17:51 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [11/03/2012 13:48 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [11/03/2012 13:48 164112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [04/10/2004 05:47 98304]
R2 Apache2.2;Apache2.2;c:\program files\Xampp\xampp\apache\bin\httpd.exe [26/02/2010 16:23 29416]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [16/11/2012 00:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22/10/2012 14:05 196664]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [04/10/2004 04:40 118784]
S2 DellBIOS;DellBIOS;\??\c:\windows\DellBIOS.Sys --> c:\windows\DellBIOS.Sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19/10/2012 17:14 160944]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [17/08/2011 09:06 21520]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [29/12/2011 17:24 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [29/12/2011 17:25 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [29/12/2011 17:25 25704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 20:55]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-20 20:55]
.
2010-09-11 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2006-11-21 16:09]
.
2013-04-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-25 22:00]
.
2013-03-21 c:\windows\Tasks\prismDowngrade.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-09 17:36]
.
2013-01-11 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-01-09 17:36]
.
2013-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1381835960-4241067638-2893470200-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1381835960-4241067638-2893470200-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 17:45]
.
2013-05-15 c:\windows\Tasks\ReclaimerUpdateFiles_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-05-15 c:\windows\Tasks\ReclaimerUpdateXML_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-05-16 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Chris.job
- c:\documents and settings\Chris\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-24 14:57]
.
2013-01-08 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-10-09 09:26]
.
2013-05-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2013-04-25 22:00]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=5sxu-Yd7mgSBD2KFFJOxaT8vSTs
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\xnu0xw4p.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-04-22 10:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-16 07:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4660)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Xampp\xampp\mysql\bin\mysqld.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\dllhost.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-05-16 07:35:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-16 06:35
ComboFix2.txt 2013-05-15 09:50
.
Pre-Run: 19,759,505,408 bytes free
Post-Run: 19,742,654,464 bytes free
.
- - End Of File - - 0146EEE0FD9BF547CBAB6FA6EEBAB7B7
  • 0
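Added example, not code from the thread, from gringo, or from ComboFix itself: a small Python checker that parses the `Driver::` block of the CFScript from post #21 and the `Drivers/Services` section of the ComboFix log above, then confirms that each requested service removal is recorded as a `-------\Service_<name>` line. The sample script and log excerpt embedded below are constructed from the thread's own snippets; the CFScript parser accepts any `Name::` section, not only `Driver::`.

```python
"""Cross-check a ComboFix CFScript against the ComboFix log it produced.

Added example (not part of the original thread or of ComboFix). The sample
CFScript and log excerpt are constructed from the snippets posted in the
thread so the script runs offline.
"""
import re

# Constructed sample: the CFScript gringo posted in #21.
CFSCRIPT = """\
ClearJavaCache::

Driver::
bhif686
mde67b2
"""

# Constructed sample: the Drivers/Services section of the resulting log.
COMBOFIX_LOG = """\
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\\Service_bhif686
-------\\Service_mde67b2
.
.
((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))
"""

# Lines of this form are where ComboFix records a removed service.
SERVICE_LINE = re.compile(r"^-------\\Service_(\S+)$")


def parse_cfscript(text):
    """Return {section_name: [entries]} for a CFScript.

    A section header is a line ending in '::' (e.g. 'Driver::'). A header
    with no entries after it (e.g. 'ClearJavaCache::') is a bare command
    and maps to an empty list.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_section(log_text, title):
    """Return the non-empty, non-'.' lines between the '((( title )))'
    banner and the next banner in a ComboFix log."""
    found = []
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and line.endswith(")))"):
            if inside:
                break  # reached the next section banner
            inside = title in line
            continue
        if inside and line and line != ".":
            found.append(line)
    return found


def removed_services(log_text):
    """Set of service names ComboFix reports as removed."""
    names = set()
    for line in parse_log_section(log_text, "Drivers/Services"):
        match = SERVICE_LINE.match(line)
        if match:
            names.add(match.group(1))
    return names


def check_driver_removals(cfscript_text, log_text):
    """Map each name under Driver:: to True if the log confirms removal."""
    requested = parse_cfscript(cfscript_text).get("Driver", [])
    removed = removed_services(log_text)
    return {name: name in removed for name in requested}


if __name__ == "__main__":
    for name, confirmed in check_driver_removals(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{name}: {'removed' if confirmed else 'NOT found in log'}")
```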

#25
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
If it is still running, just leave it alone.



gringo
  • 0



#26
ChrisCart

ChrisCart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi Gringo. I realise that our last posts overlapped so you may not have seen the Combofix log file on my previous post above yours. Apologies if you have already seen it.
  • 0

#27
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello ChrisCart

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#28
ChrisCart

ChrisCart

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Digital Editions 2.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 3.0
Adobe Reader 9.5.2
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
AVG 2013
BBC iPlayer Desktop
Bonjour
Broadcom Management Programs
Capture By George! 2.7
CCleaner
Cisco Systems VPN Client 5.0.07.0290
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Convert
CustomerResearchQFolder
Dell Support 3.2.1
Dell Support Center
Dell System Restore
Digital Line Detect
Driver Inspector
Free Countdown Timer 2.7.1
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iPod for Windows 2006-06-28
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 15
Java™ 6 Update 3
Malwarebytes Anti-Malware version 1.65.1.1000
MCU
Media Player Classic - Home Cinema 1.6.1.4235
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Image Composite Editor
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office XP Professional with FrontPage
Microsoft Reader
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Minolta DiMAGE Scan Elite2 ver 1.0
Mixer
Modem Helper
Mozilla Firefox 20.0.1 (x86 en-GB)
Mozilla Maintenance Service
mProSafe
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
NetWaiting
NoniGPSPlot
OpenAL
Otto
Picasa 3
Pocket Bricks
PocketDict
PowerDraw V30
PrimoPDF -- brought to you by Nitro PDF Software
Prism Video File Converter
Protected Music Converter 0.99.30b
QuickSet
QuickTime
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scribus 1.4.1
Search Results Toolbar
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Skype™ 6.0
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB Demo
SUPERAntiSpyware
Switch Sound File Converter
swMSM
Synaptics Pointing Device Driver
System Requirements Lab
TreeSize Free V2.7
Trials 2 Second Edition
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
URL Assistant
Viewpoint Media Player
WebFldrs XP
WGS-84 Calculator ver 1.10
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile® Device Handbook
Windows PowerShell™ 1.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3

#29
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Adobe Reader 9.5.2
  • J2SE Runtime Environment 5.0 Update 6
  • Java™ 6 Update 15
  • Java™ 6 Update 3


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.



Malwarebytes' Anti-Malware


I see you have MBAM installed on the computer - that is great! It is a very good program. I would like you to run a quick scan for me now.

  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.


Information and logs

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

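As an added check that is not part of Gringo's post or any of the tools he names: a PowerShell script (assumed to run on the affected XP machine, which has PowerShell 1.0 in its installed-programs list above) that reads the Uninstall registry keys and flags any entry still matching the programs listed for removal, so you can confirm after Revo has run that no stale Java or Adobe Reader 9 entry is left behind. The name patterns are assumptions derived from the removal list above.

```powershell
# Added example (not from the thread). Enumerates Add/Remove Programs entries
# straight from the registry and flags leftovers from the removal list.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'   # per-user installs
)

# Assumed regex for the programs Gringo asked to remove. On a real system the
# Java entries are named "Java(TM) 6 Update N"; the log above renders that as "Java™".
$staleRegex = 'J2SE Runtime Environment|Java\(TM\) 6 Update|Java™ 6 Update|Adobe Reader 9\.'

$installed = @()
$flagged   = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty $sub.PSPath
        if (-not $p.DisplayName) { continue }   # skip hidden component/patch entries
        $entry = "{0} [{1}] (key: {2})" -f $p.DisplayName, $p.DisplayVersion, $sub.PSChildName
        $installed += $entry
        if ($p.DisplayName -match $staleRegex) { $flagged += $entry }
    }
}

"Installed programs with a display name: $($installed.Count)"
if ($flagged.Count -gt 0) {
    "Entries from the removal list that are still present:"
    $flagged | Sort-Object
} else {
    "No old Java / Adobe Reader 9 entries remain."
}
```

An entry that still shows up here after Revo has finished is usually a broken uninstall record rather than a working install; the key name in the output is what to look for in the Uninstall registry path before removing it by hand.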

#30
ChrisCart

    Member

  • Topic Starter
  • Member
  • 21 posts
Computer is running very well indeed, significantly better than pre-virus. Have not identified any issues at all with regular applications that I use. However, it seems that the Windows Installer Service is not present, which has prevented installing Adobe Reader XI and HijackThis as per your instructions.


Uninstall some programs: removed

Update Adobe Reader: Adobe Reader XI will not install as the "Windows Installer Service could not be accessed".

Clean out temp files: completed

Malwarebytes' Anti-Malware: Nothing found, log below

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: ROBSTER [administrator]

16/05/2013 23:08:49
mbam-log-2013-05-16 (23-08-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280537
Time elapsed: 13 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Download HijackThis: will not run due to Windows Installer Service