Posts: 17 | Reputation: 0 Neutral
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Oops, stopped reading at the ComboFix bit. Didn't realize you answered my previous questions. Deleting backups might be a bit difficult; those are directories backed up numerous times on the disk into multiple directories. I'd prefer to find a way to scan and fix it in one hit if it's possible, without having to provide a list of directories if possible (to avoid having to put you to the trouble of editing some long list).
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hi Kevin, I ran the moveit thing. First time it just hung, had to reboot. Tried again, then it worked. I have NOT removed ComboFix yet. -----> Remember I mentioned an external hard drive with backed-up files on? Surely that will reinfect my system unless I deal with that. Also, have I just moved the infected files to another area rather than fixed them?? Here is the log file from the moveit. Thanks

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\aisha\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\aisha\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php moved successfully.
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.
C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe moved successfully.
C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe moved successfully.
J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe moved successfully.
J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.
J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe moved successfully.
J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: aisha
->Temp folder emptied: 77831 bytes
->Temporary Internet Files folder emptied: 162086 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4136495 bytes
->Flash cache emptied: 2382050 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4551820 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 5666730 bytes
->Flash cache emptied: 348 bytes
User: Lightscribe
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49353 bytes
->FireFox cache emptied: 1578567 bytes
->Flash cache emptied: 300 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Owner
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4544778 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 22.00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 11082013_002523
Files moved on Reboot...
Registry entries deleted on Reboot...
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Oops, bad stuff found... which I guess AVG did not find! The only issues with my machine are: recently, when I click Shutdown on the menu, it takes about 3 min for the shutdown choices dialog box to come up. During this debug process it has worked immediately as normal on a few occasions, but not on a few too. The 2nd issue is that sometimes, when I leave the box alone for a few hours, it starts the screensaver as expected, but after some time it stops responding, i.e. the screen goes blank and does not respond. I have 2 suspicions (either/both may be incorrect): the room is quite hot and it tends to happen then, so maybe overheating, or a driver issue. I do get the impression the box is alive under the dead window (hard to explain); if I could remember the keystroke way to shut down, I suspect it would do a clean shutdown. These are trivial issues. Ideally I need to rebuild this box as well as the box that got trashed using Comodo System Utilities. Would not recommend that product. More to the point, I have an external hard drive which has some of these files backed up on it. I'd like to vaccinate it too ;-) Thanks for your input so far, Kevin.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan
C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe a variant of Win32/KBM.A application
C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe a variant of Win32/Verti.A application
J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe Win32/InstalleRex.C application
J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan
J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe probably a variant of Win32/YourFileDownloader.A application
J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe a variant of Win32/Adware.MediaFinder.D application
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
This is the log for ComboFix. Will do the remaining activity and return. Thanks Kevin

ComboFix 13-11-04.01 - aisha 07/11/2013 12:01:44.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1196 [GMT 0:00]
Running from: c:\documents and settings\aisha\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\aisha\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-10-07 to 2013-11-07 )))))))))))))))))))))))))))))))
.
.
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\aisha\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-06 00:09 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-05 21:39 . 2013-11-05 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-11-05 20:32 . 2013-11-05 20:32 -------- d-----w- C:\FRST
2013-10-30 20:59 . 2008-05-30 14:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2013-10-30 20:55 . 2013-11-04 11:02 -------- d-----w- c:\windows\Logs
2013-10-21 00:39 . 2013-10-21 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-17 21:46 . 2013-10-17 21:46 -------- d-----w- c:\program files\Common Files\Skype
2013-10-17 19:20 . 2013-10-17 19:20 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-10-17 15:04 . 2013-10-17 15:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 00:55 . 2012-12-19 21:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 00:55 . 2012-12-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 21:11 . 2012-09-21 03:45 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2012-09-14 03:05 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2012-10-02 03:30 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-10-15 03:48 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2012-10-22 13:02 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 21:54 . 2012-10-05 03:32 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-30 13:00 . 2013-10-03 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflict]
@="{458829D6-C79F-4A99-897C-0DA32AB1A619}"
[HKEY_CLASSES_ROOT\CLSID\{458829D6-C79F-4A99-897C-0DA32AB1A619}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflictUnsync]
@="{278A95EA-3EAE-4BCE-9986-0A86A98B1407}"
[HKEY_CLASSES_ROOT\CLSID\{278A95EA-3EAE-4BCE-9986-0A86A98B1407}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncUnsync]
@="{6E80B8CC-6741-4362-A7E1-467763FC6297}"
[HKEY_CLASSES_ROOT\CLSID\{6E80B8CC-6741-4362-A7E1-467763FC6297}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"= "c:\progra~1\BeInSync\BISShellEx.dll" [2007-06-04 138240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeInSync]
2007-06-04 16:19 424448 ----a-w- c:\program files\BeInSync\BeInSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-30 13:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCM Notify-Me]
2003-09-11 17:02 118784 ----a-w- c:\program files\TCM\NotifyMe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BeInSync\\BeInSyncServer.exe"=
"c:\\My Downloads\\Skype\\Skype\\skype\\skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [28/10/2013 12:55 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]
R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]
S2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55]
.
2013-11-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aa
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aa
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi
FF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpi
FF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF - ExtSQL: !HIDDEN! 2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-07 12:23
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4192)
c:\progra~1\BeInSync\MSVCR71.dll
c:\progra~1\BeInSync\DPzlib1.dll
c:\progra~1\BeInSync\log4cpp.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-11-07 12:26:44
ComboFix-quarantined-files.txt 2013-11-07 12:26
ComboFix2.txt 2013-11-06 22:59
.
Pre-Run: 8,544,833,536 bytes free
Post-Run: 8,561,889,280 bytes free
.
- - End Of File - - 4FCC9507AF75D47A5DB38498FBABD69F5CB90281D1A59B251F6603134774EEC3
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
It ran through this time. I have reactivated Firewall, AVG and MWB, hope that's OK. If I need to deactivate, please advise. Here is the log file. Did it find stuff? I think it might have done; I didn't watch the whole thing. Thanks

ComboFix 13-11-04.01 - aisha 06/11/2013 22:22:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 0:00]
Running from: c:\documents and settings\aisha\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\aisha\My Documents\~WRL0003.tmp
c:\documents and settings\aisha\My Documents\~WRL0005.tmp
c:\documents and settings\aisha\My Documents\~WRL3156.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET38E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-10-06 to 2013-11-06 )))))))))))))))))))))))))))))))
.
.
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\aisha\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-06 00:09 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-05 21:39 . 2013-11-05 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-11-05 20:32 . 2013-11-05 20:32 -------- d-----w- C:\FRST
2013-10-30 20:59 . 2008-05-30 14:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2013-10-30 20:55 . 2013-11-04 11:02 -------- d-----w- c:\windows\Logs
2013-10-21 00:39 . 2013-10-21 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-17 21:46 . 2013-10-17 21:46 -------- d-----w- c:\program files\Common Files\Skype
2013-10-17 19:20 . 2013-10-17 19:20 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-10-17 15:04 . 2013-10-17 15:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 00:55 . 2012-12-19 21:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 00:55 . 2012-12-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 21:11 . 2012-09-21 03:45 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2012-09-14 03:05 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2012-10-02 03:30 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-10-15 03:48 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2012-10-22 13:02 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 21:54 . 2012-10-05 03:32 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-30 13:00 . 2013-10-03 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflict]
@="{458829D6-C79F-4A99-897C-0DA32AB1A619}"
[HKEY_CLASSES_ROOT\CLSID\{458829D6-C79F-4A99-897C-0DA32AB1A619}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflictUnsync]
@="{278A95EA-3EAE-4BCE-9986-0A86A98B1407}"
[HKEY_CLASSES_ROOT\CLSID\{278A95EA-3EAE-4BCE-9986-0A86A98B1407}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncUnsync]
@="{6E80B8CC-6741-4362-A7E1-467763FC6297}"
[HKEY_CLASSES_ROOT\CLSID\{6E80B8CC-6741-4362-A7E1-467763FC6297}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"= "c:\progra~1\BeInSync\BISShellEx.dll" [2007-06-04 138240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeInSync]
2007-06-04 16:19 424448 ----a-w- c:\program files\BeInSync\BeInSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-30 13:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCM Notify-Me]
2003-09-11 17:02 118784 ----a-w- c:\program files\TCM\NotifyMe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BeInSync\\BeInSyncServer.exe"=
"c:\\My Downloads\\Skype\\Skype\\skype\\skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\WINDOWS\\Temp\\CMC_DRAGON\\restart_helper.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [28/10/2013 12:55 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG 
WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]R2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944].[HKEY_LOCAL_MACHINE\software\microsoft\active 
setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55].2013-11-06 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30].2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37].2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000IE: Open in new background tab - c:\program files\Windows Live 
Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aaIE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aaIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\FF - prefs.js: browser.search.selectedEngine - AVG Secure SearchFF - prefs.js: browser.startup.homepage - www.google.comFF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpiFF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpiFF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpiFF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpiFF - ExtSQL: !HIDDEN! 
2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service.- - - - ORPHANS REMOVED - - - -.HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exeAddRemove-Registrar Registry Manager 5.62 (Lite Edition) - c:\program files\Registrar Registry Manager\unwise.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-11-06 22:47Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3672)c:\progra~1\BeInSync\MSVCR71.dllc:\progra~1\BeInSync\DPzlib1.dllc:\progra~1\BeInSync\log4cpp.dllc:\windows\system32\btmmhook.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\btncopy.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exec:\program files\Java\jre7\bin\jqs.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\windows\system32\nvsvc32.exec:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXEc:\program files\Microsoft\Search Enhancement 
Pack\SeaPort\SeaPort.exec:\windows\system32\SearchIndexer.exec:\windows\system32\wscntfy.exec:\windows\TEMP\CMC_DRAGON\restart_helper.exec:\windows\stsystra.exec:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exec:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exec:\program files\Windows Desktop Search\WindowsSearch.exec:\program files\Common Files\Ahead\Lib\NMIndexingService.exec:\windows\system32\SearchProtocolHost.exec:\windows\system32\SearchFilterHost.exe.**************************************************************************.Completion time: 2013-11-06 22:59:45 - machine was rebootedComboFix-quarantined-files.txt 2013-11-06 22:59.Pre-Run: 8,768,249,856 bytes freePost-Run: 8,585,031,680 bytes free.- - End Of File - - B2C254DBFEC0081E857425B1FA4A6F675CB90281D1A59B251F6603134774EEC3 -
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
OK, I decided to go ahead and follow the instructions as best I could. I turned off AVG, Firewall and MWB. I ran the ComboFix. It installed Windows Recovery Console. Completed Stage 1 to 50. Then it deleted 6 TMP files and seemed to get stuck. I waited about 20 min. Rebooted and found no log file. Not sure what to do. Can I turn on my FW and AVG?
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Sorry, actually it's Windows Firewall on my box (see above).
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Do I need to deactivate MWB or Comodo Firewall also? I take it I can turn off my internet while I do this?
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hmm, funnily enough after a further reboot I managed to run my first successful express scan for days. It found 2 items: PUP.Optional.ExpressInstall.A. See log file below. I didn't try to use MWB quarantine etc. Thought it best to wait for further instructions. Also the delayed shutdown problem seems to be fixed!

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.05.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
aisha :: DELLXP [administrator]

Protection: Enabled

06/11/2013 02:39:38
MBAM-log-2013-11-06 (02-58-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244856
Time elapsed: 17 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE () -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\aisha\My Documents\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.

(end)
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hi there, I went through the destructions; all went according to your suggestion EXCEPT - when I came to re-run the scan I had exactly the same results: it froze before 3 min, had to crash the machine. So same results as before, couldn't run a full scan...
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Oops sorry, my bad, don't know why I didn't see it. BTW I do use CCleaner regularly, not used it since yesterday; I noticed your site says not to use it when trying to fix, so I haven't. Hopefully that hasn't deleted anything useful...! Will do that and come back to you.
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hi Kevin, sorry I'm a bit confused by your instructions, let me check I understood:
a. You tell me to download mbamclean
b. Then deinstall MWB in CP
c. Reboot
d. Then download from the link and reinstall from that etc...
Your instructions didn't tell me to run mbamclean; I thought it was for use later on, but nothing later on pointed me to it. Or perhaps you did want me to run it? Sorry if I'm being a bit dim, I'd rather check than do it wrong and create confusion.
SP3 may not be installed on this box. I have a nearly identical PC (def with SP3) which got screwed running some Comodo sw. I got this older box out of the loft, it probably didn't get updated. The box had been running fine for over a year without it though, this problem only occurred very recently.
Thanks
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hey there, it's genuine ;-)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {59F5F760-AB9D-40D2-B136-435F575AC6F5}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.5.540.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Visio Professional 2002 SR-1 [English] - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{59F5F760-AB9D-40D2-B136-435F575AC6F5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1724573143-1416609827-1520951156</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dell DXP051 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="3"/><Date>20060419000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>2A173F3701846077</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DXPO51</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90510409-6D54-11D4-BEE3-00C04F990354}"><LegitResult>100</LegitResult><Name>Microsoft Visio Professional 2002 SR-1 [English]</Name><Ver>10</Ver><Val>B07727A4C4B404C</Val><Hash>g7TU5cpk8XGUieJuay8QbOa4AXk=</Hash><Pid>54079-640-0000383-16068</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1DF4684CEE8B586</Val><Hash>0COS5gAhhspDMqHrtHQP/35EAvU=</Hash><Pid>89388-707-8049205-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="51" Version="10" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1ABD7:Dell Inc|1ABD7:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
-
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
You asked me to copy and paste FRST and ATTACH the addition file.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by aisha (administrator) on DELLXP on 05-11-2013 20:33:20
Running from C:\Documents and Settings\aisha\Desktop\MWB
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Sonic Solutions) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gteko Ltd.) C:\Program Files\Dell Support\DSAgnt.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
() C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\WINDOWS\hh.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [sigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [139264 2005-06-17] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MBkLogOnHook] - C:\Program Files\McAfee\MBK\LogOnHook.exe
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-22] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKCU\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-07-30] (Hewlett-Packard Company)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-09] (Google Inc.)
MountPoints2: {1d4a2752-ae09-11de-b4e9-0013721a5dff} - J:\AutoRun.exe
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\Guest\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2004-10-13] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2009-10-30] (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
SearchScopes: HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Jp4cI419vYr3XvBidpQ7pOTFycc?q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: BeInSync Toolbar Helper - {BB544049-306F-45B5-B719-CF9AB5A05B8E} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
Toolbar: HKLM - BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - C:\Program Files\BeInSync\BISShellEx.dll (BeInSync)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159278959265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
ShellExecuteHooks: DPDblHook Class - {561F5138-43B1-45D9-AEC9-478C51C1BD09} - C:\PROGRA~1\BeInSync\BISShellEx.dll [138240 2007-06-04] (BeInSync)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default
FF user.js: detected!
=> C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\user.jsFF DefaultSearchEngine: AVG Secure SearchFF SelectedSearchEngine: AVG Secure SearchFF Homepage: www.google.comFF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program 
Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\aisha\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\amazonbooksuk.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\dictionary.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\freedictmedical.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\searchplugins-backupFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xmlFF Extension: British English Dictionary - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-GB@dictionaries.addons.mozilla.orgFF Extension: United States English Spellchecker - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-US@dictionaries.addons.mozilla.orgFF Extension: Google Toolbar for Firefox - C:\Documents and Settings\aisha\Application 
Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: ColorZilla - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}FF Extension: azan-times - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\azan-times@hamid.net.xpiFF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpiFF Extension: izer - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\izer@camelcamelcamel.com.xpiFF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpiFF Extension: jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpiFF Extension: YoutubeDownloader - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\YoutubeDownloader@huangho.net76.net.xpiFF Extension: aios - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpiFF Extension: defaults - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpiFF Extension: preferences - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpiFF Extension: Adblock Plus - C:\Documents and Settings\aisha\Application 
Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecordFF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecordFF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_extFF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext ========================== Services (Whitelisted) ================= R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()S3 GoogleDesktopManager-093009-130223; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-10-30] (Google)S2 
gupdate1c8c8d8c2edac0a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-08-28] (Google Inc.)R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)S4 OracleJobSchedulerXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] ()S3 OracleMTSRecoveryService; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation)R2 OracleServiceXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation)S3 OracleXEClrAgent; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] ()R2 OracleXETNSListener; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] ()S3 wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)S3 wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [5750784 2008-04-17] ()R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; 
C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534440 2008-04-15] (Broadcom Corporation.)R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [990632 2008-04-15] (Broadcom Corporation.)S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 
2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15890 2007-02-04] (Meetinghouse Data Communications)R1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2003-03-14] (PowerQuest Corporation)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [157264 2013-10-17] (Trusteer Ltd.)R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [230448 2013-10-17] (Trusteer Ltd.)R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-11] (LG Electronics Inc.)S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-11] (LG Electronics Inc.)S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-11] (LG Electronics Inc.)S3 AR5523; system32\DRIVERS\wg11tnd5.sys [x]S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [x]S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]S3 wanatw; system32\DRIVERS\wanatw4.sys [x]U3 mbr; \??\C:\DOCUME~1\aisha\LOCALS~1\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== 
==================== One Month Created Files and Folders ======== 2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST2013-11-05 17:40 - 2013-11-05 20:32 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt2013-10-30 21:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll2013-10-30 21:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll2013-10-30 21:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll2013-10-30 21:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll2013-10-30 21:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll2013-10-30 21:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll2013-10-30 21:00 
- 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll2013-10-30 21:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll2013-10-30 21:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll2013-10-30 21:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll2013-10-30 21:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll2013-10-30 21:00 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll2013-10-30 21:00 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll2013-10-30 
21:00 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll2013-10-30 21:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll2013-10-30 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll2013-10-30 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll2013-10-30 21:00 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll2013-10-30 21:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll2013-10-30 21:00 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll2013-10-30 21:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll2013-10-30 21:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll2013-10-30 21:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll2013-10-30 21:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll2013-10-30 20:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll2013-10-30 20:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll2013-10-30 20:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll2013-10-30 20:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll2013-10-30 20:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll2013-10-30 20:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll2013-10-30 20:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\D3DX9_37.dll2013-10-30 20:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll2013-10-30 20:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll2013-10-30 20:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll2013-10-30 20:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll2013-10-30 20:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll2013-10-30 20:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll2013-10-30 20:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll2013-10-30 20:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll2013-10-30 20:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll2013-10-30 20:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll2013-10-30 20:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll2013-10-30 20:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll2013-10-30 20:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll2013-10-30 20:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll2013-10-30 20:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll2013-10-30 20:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll2013-10-30 20:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll2013-10-30 20:59 - 2007-03-15 16:57 - 00443752 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll2013-10-30 20:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll2013-10-30 20:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll2013-10-30 20:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll2013-10-30 20:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll2013-10-30 20:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll2013-10-30 20:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll2013-10-30 20:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll2013-10-30 20:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll2013-10-30 20:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll2013-10-30 20:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll2013-10-30 20:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll2013-10-30 20:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll2013-10-30 20:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll2013-10-30 20:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll2013-10-30 20:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll2013-10-30 20:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll2013-10-30 20:59 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll2013-10-30 20:59 - 2005-07-22 19:59 - 
02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll2013-10-30 20:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll2013-10-30 20:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll2013-10-30 20:59 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO2013-10-20 13:19 - 2013-11-05 20:14 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) 
C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST
2013-11-05 20:32 - 2013-11-05 17:40 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB
2013-11-05 20:29 - 2009-09-30 21:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 20:14 - 2013-10-20 13:19 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-05 19:55 - 2012-12-19 21:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-05 18:08 - 2012-12-19 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt
2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt
2013-11-05 17:31 - 2013-07-28 21:40 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-11-05 15:23 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\Google
2013-11-05 14:31 - 2013-04-14 16:10 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\My Kindle Content
2013-11-05 11:34 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-05 11:31 - 2004-08-10 11:59 - 00000236 _____ C:\WINDOWS\wiadebug.log
2013-11-05 11:31 - 2004-08-10 11:59 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-05 11:30 - 2009-09-30 21:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 11:30 - 2006-05-31 16:58 - 00050257 _____ C:\WINDOWS\system32\nvapps.xml
2013-11-05 11:30 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-05 02:10 - 2004-08-10 12:08 - 00032496 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-05 02:07 - 2006-06-09 11:34 - 00000178 ___SH C:\Documents and Settings\aisha\ntuser.ini
2013-11-05 02:07 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha
2013-11-04 21:35 - 2007-12-10 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google Updater
2013-11-04 21:20 - 2012-12-19 20:30 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-04 10:42 - 2012-12-19 19:17 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\2012
2013-11-03 02:20 - 2006-07-28 19:26 - 00000000 ____D C:\Documents and Settings\aisha\Application Data\Skype
2013-11-02 16:25 - 2013-01-23 01:53 - 00013967 _____ C:\Documents and Settings\aisha\Desktop\HALIFAX.odt
2013-10-30 21:00 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-10-30 20:58 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-28 12:52 - 2013-09-26 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2013-10-27 11:14 - 2004-08-10 11:57 - 00557242 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-24 17:30 - 2006-08-02 20:57 - 00046592 ____C C:\Documents and Settings\aisha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-18 23:39 - 2013-04-02 12:25 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\ESA
2013-10-18 02:25 - 2012-12-19 19:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-18 02:17 - 2012-12-19 20:40 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-18 02:17 - 2012-12-19 20:40 - 00000000 ____D C:\Program Files\CCleaner
2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe
2013-10-18 02:14 - 2013-10-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2013-10-17 21:46 - 2007-03-15 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-17 21:46 - 2006-07-28 19:26 - 00000000 ___RD C:\Program Files\Skype
2013-10-17 19:25 - 2012-12-20 01:33 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-10-17 19:20 - 2012-12-19 21:25 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\COMODO
2013-10-17 19:19 - 2012-12-19 21:24 - 00000000 ____D C:\Program Files\Comodo
2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 12:07 - 2013-09-27 17:12 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-10 12:06 - 2012-12-19 20:24 - 00000000 ___HD C:\$AVG
2013-10-09 00:55 - 2012-12-19 21:36 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 00:55 - 2012-12-19 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-10 11:51] - [2007-06-13 10:23] - 1033216 ____A (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87
C:\Windows\System32\winlogon.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe
C:\Windows\System32\svchost.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716
C:\Windows\System32\services.exe
[2004-08-10 11:51] - [2009-02-06 10:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd
C:\Windows\System32\User32.dll
[2004-08-10 11:51] - [2007-03-08 15:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7
C:\Windows\System32\userinit.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-10 11:51] - [2004-08-04 04:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b

==================== End Of Log ============================

attach.txt
Big Freeze Part Deux
girlintrouble replied to girlintrouble's topic in Resolved Malware Removal Logs
Hi Kevin, I just wanted to say the freeze occurs when I run an MWB scan; I think what I wrote didn't make that clear. Please let me know if I should do something other than your suggestion. Thanks