Big Freeze Part Deux

[girlintrouble]

Hi lovely peeps

I say this as the msg said you guys are volunteers so Ill start by saying thanks for being there. I hope someone can help

 

I posted: the following in your general help section>>

Hi there guys

Im running win XP,  running latest MWB with latest definitions. Recently I find it hangs and then I have to force shutdown my machine to regain control. Cringe   - really dont like doing that

 

I dont have any other problems on my machine, it runs an AVG scan from start to end no problem.

 

Today (now yesterday) I saw it found 2 infections, but I had to shutdown mid scan as it really seemed stuck...when I rebooted and looked in quarantine it was empty

 

Tried re-scanning but again it got stuck again.

 

Any suggestions would be gratefully accepted.

thanks : 

 

Firefox replied by suggesting I was infected and I should run DDS

 

Im attaching the output below.

Its and old machine but its been running ok generally
im not getting any other symptoms of infection other than after I tell it to shutdown it takes a while before the shutdown box opens

 

Hope you guys can help

Thanks

 

 

attach.txt

dds.txt

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  

 

Kevin

[girlintrouble]

Hi Kevin
I just wanted to say the freeze occurs when I MWB scan, I think what I wrote didnt make that clear

Pls let me know if I should do something other than your suggestion.

Thanks 

[girlintrouble]

You asked me to copy and paste FRST and ATTACH the addition file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013

Ran by aisha (administrator) on DELLXP on 05-11-2013 20:33:20

Running from C:\Documents and Settings\aisha\Desktop\MWB

Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English(US)

Internet Explorer Version 6

Boot Mode: Normal

 

==================== Processes (Whitelisted) ===================

 

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe

(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe

() C:\Program Files\Dell\Media Experience\DMXLauncher.exe

(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe

(Sonic Solutions) C:\WINDOWS\System32\DLA\DLACTRLW.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe

(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE

() C:\Program Files\Comodo\Dragon\dragon_updater.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Gteko Ltd.) C:\Program Files\Dell Support\DSAgnt.exe

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe

(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

(Oracle Corporation) c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE

() C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe

(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Microsoft Corporation) C:\WINDOWS\hh.exe

(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKLM\...\Run: [sigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)

HKLM\...\Run: [iAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [139264 2005-06-17] (Intel Corporation)

HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()

HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)

HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)

HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)

HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)

HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)

HKLM\...\Run: [] - [x]

HKLM\...\Run: [MBkLogOnHook] - C:\Program Files\McAfee\MBK\LogOnHook.exe

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)

HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-22] (Apple Inc.)

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [EPSON Stylus Photo R300 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()

HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)

HKCU\...\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)

HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-07-30] (Hewlett-Packard Company)

HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-09] (Google Inc.)

MountPoints2: {1d4a2752-ae09-11de-b4e9-0013721a5dff} - J:\AutoRun.exe

HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)

HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)

HKU\Guest\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)

HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2004-10-13] (Microsoft Corporation)

HKU\Guest\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)

AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2009-10-30] (Google)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen

SearchScopes: HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 

SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=Jp4cI419vYr3XvBidpQ7pOTFycc?q={searchTerms}

SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File

BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File

BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

BHO: BeInSync Toolbar Helper - {BB544049-306F-45B5-B719-CF9AB5A05B8E} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File

BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File

Toolbar: HKLM - BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - C:\Program Files\BeInSync\BISShellEx.dll (BeInSync)

Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File

Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File

Toolbar: HKCU - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File

Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File

Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159278959265

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)

ShellExecuteHooks: DPDblHook Class - {561F5138-43B1-45D9-AEC9-478C51C1BD09} - C:\PROGRA~1\BeInSync\BISShellEx.dll [138240 2007-06-04] (BeInSync)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default

FF user.js: detected! => C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\user.js

FF DefaultSearchEngine: AVG Secure Search

FF SelectedSearchEngine: AVG Secure Search

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\aisha\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\amazonbooksuk.xml

FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\dictionary.xml

FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\freedictmedical.xml

FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\searchplugins-backup

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml

FF Extension: British English Dictionary - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-GB@dictionaries.addons.mozilla.org

FF Extension: United States English Spellchecker - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-US@dictionaries.addons.mozilla.org

FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF Extension: ColorZilla - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

FF Extension: azan-times - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\azan-times@hamid.net.xpi

FF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi

FF Extension: izer - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\izer@camelcamelcamel.com.xpi

FF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi

FF Extension: jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi

FF Extension: YoutubeDownloader - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\YoutubeDownloader@huangho.net76.net.xpi

FF Extension: aios - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi

FF Extension: defaults - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

FF Extension: preferences - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi

FF Extension: Adblock Plus - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord

FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext

FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext

 

========================== Services (Whitelisted) =================

 

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)

R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()

S3 GoogleDesktopManager-093009-130223; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-10-30] (Google)

S2 gupdate1c8c8d8c2edac0a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-08-28] (Google Inc.)

R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()

R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)

S4 OracleJobSchedulerXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] ()

S3 OracleMTSRecoveryService; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation)

R2 OracleServiceXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation)

S3 OracleXEClrAgent; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] ()

R2 OracleXETNSListener; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] ()

S3 wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)

S3 wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [5750784 2008-04-17] ()

R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

 

==================== Drivers (Whitelisted) ====================

 

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)

S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534440 2008-04-15] (Broadcom Corporation.)

R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)

R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [990632 2008-04-15] (Broadcom Corporation.)

S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)

S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)

S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)

R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)

R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)

R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)

R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)

R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)

R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)

R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)

R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)

R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)

S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))

S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)

R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)

S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)

S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)

S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)

S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)

S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)

R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15890 2007-02-04] (Meetinghouse Data Communications)

R1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2003-03-14] (PowerQuest Corporation)

R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()

R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [157264 2013-10-17] (Trusteer Ltd.)

R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [230448 2013-10-17] (Trusteer Ltd.)

R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-11] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-11] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-11] (LG Electronics Inc.)

S3 AR5523; system32\DRIVERS\wg11tnd5.sys [x]

S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [x]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]

S3 wanatw; system32\DRIVERS\wanatw4.sys [x]

U3 mbr; \??\C:\DOCUME~1\aisha\LOCALS~1\Temp\mbr.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST

2013-11-05 17:40 - 2013-11-05 20:32 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB

2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt

2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt

2013-10-30 21:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll

2013-10-30 21:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll

2013-10-30 21:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll

2013-10-30 21:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll

2013-10-30 21:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll

2013-10-30 21:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll

2013-10-30 21:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll

2013-10-30 21:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll

2013-10-30 21:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll

2013-10-30 21:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll

2013-10-30 21:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll

2013-10-30 21:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll

2013-10-30 21:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll

2013-10-30 21:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll

2013-10-30 21:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll

2013-10-30 21:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll

2013-10-30 21:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll

2013-10-30 21:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll

2013-10-30 21:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll

2013-10-30 21:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll

2013-10-30 21:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll

2013-10-30 21:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll

2013-10-30 21:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll

2013-10-30 21:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll

2013-10-30 21:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll

2013-10-30 21:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll

2013-10-30 21:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll

2013-10-30 21:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll

2013-10-30 21:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll

2013-10-30 21:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll

2013-10-30 21:00 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll

2013-10-30 21:00 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll

2013-10-30 21:00 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll

2013-10-30 21:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll

2013-10-30 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll

2013-10-30 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll

2013-10-30 21:00 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll

2013-10-30 21:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll

2013-10-30 21:00 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll

2013-10-30 21:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll

2013-10-30 21:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll

2013-10-30 21:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll

2013-10-30 21:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll

2013-10-30 20:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll

2013-10-30 20:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll

2013-10-30 20:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll

2013-10-30 20:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll

2013-10-30 20:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll

2013-10-30 20:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll

2013-10-30 20:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll

2013-10-30 20:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll

2013-10-30 20:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll

2013-10-30 20:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll

2013-10-30 20:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll

2013-10-30 20:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll

2013-10-30 20:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll

2013-10-30 20:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll

2013-10-30 20:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll

2013-10-30 20:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll

2013-10-30 20:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll

2013-10-30 20:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll

2013-10-30 20:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll

2013-10-30 20:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll

2013-10-30 20:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll

2013-10-30 20:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll

2013-10-30 20:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll

2013-10-30 20:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll

2013-10-30 20:59 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll

2013-10-30 20:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll

2013-10-30 20:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll

2013-10-30 20:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll

2013-10-30 20:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll

2013-10-30 20:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll

2013-10-30 20:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll

2013-10-30 20:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll

2013-10-30 20:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll

2013-10-30 20:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll

2013-10-30 20:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll

2013-10-30 20:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll

2013-10-30 20:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll

2013-10-30 20:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll

2013-10-30 20:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll

2013-10-30 20:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll

2013-10-30 20:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll

2013-10-30 20:59 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll

2013-10-30 20:59 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll

2013-10-30 20:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll

2013-10-30 20:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll

2013-10-30 20:59 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll

2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO

2013-10-20 13:19 - 2013-11-05 20:14 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log

2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe

2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype

2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll

2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

 

==================== One Month Modified Files and Folders =======

 

2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST

2013-11-05 20:32 - 2013-11-05 17:40 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB

2013-11-05 20:29 - 2009-09-30 21:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-05 20:14 - 2013-10-20 13:19 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log

2013-11-05 19:55 - 2012-12-19 21:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-11-05 18:08 - 2012-12-19 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData

2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt

2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt

2013-11-05 17:31 - 2013-07-28 21:40 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job

2013-11-05 15:23 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\Google

2013-11-05 14:31 - 2013-04-14 16:10 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\My Kindle Content

2013-11-05 11:34 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl

2013-11-05 11:31 - 2004-08-10 11:59 - 00000236 _____ C:\WINDOWS\wiadebug.log

2013-11-05 11:31 - 2004-08-10 11:59 - 00000049 _____ C:\WINDOWS\wiaservc.log

2013-11-05 11:30 - 2009-09-30 21:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-05 11:30 - 2006-05-31 16:58 - 00050257 _____ C:\WINDOWS\system32\nvapps.xml

2013-11-05 11:30 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-11-05 02:10 - 2004-08-10 12:08 - 00032496 _____ C:\WINDOWS\SchedLgU.Txt

2013-11-05 02:07 - 2006-06-09 11:34 - 00000178 ___SH C:\Documents and Settings\aisha\ntuser.ini

2013-11-05 02:07 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha

2013-11-04 21:35 - 2007-12-10 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google Updater

2013-11-04 21:20 - 2012-12-19 20:30 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

2013-11-04 10:42 - 2012-12-19 19:17 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\2012

2013-11-03 02:20 - 2006-07-28 19:26 - 00000000 ____D C:\Documents and Settings\aisha\Application Data\Skype

2013-11-02 16:25 - 2013-01-23 01:53 - 00013967 _____ C:\Documents and Settings\aisha\Desktop\HALIFAX.odt

2013-10-30 21:00 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX

2013-10-30 20:58 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET

2013-10-28 12:52 - 2013-09-26 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection

2013-10-27 11:14 - 2004-08-10 11:57 - 00557242 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-10-24 17:30 - 2006-08-02 20:57 - 00046592 ____C C:\Documents and Settings\aisha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO

2013-10-18 23:39 - 2013-04-02 12:25 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\ESA

2013-10-18 02:25 - 2012-12-19 19:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-18 02:17 - 2012-12-19 20:40 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

2013-10-18 02:17 - 2012-12-19 20:40 - 00000000 ____D C:\Program Files\CCleaner

2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe

2013-10-18 02:14 - 2013-10-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype

2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype

2013-10-17 21:46 - 2007-03-15 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype

2013-10-17 21:46 - 2006-07-28 19:26 - 00000000 ___RD C:\Program Files\Skype

2013-10-17 19:25 - 2012-12-20 01:33 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO

2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll

2013-10-17 19:20 - 2012-12-19 21:25 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\COMODO

2013-10-17 19:19 - 2012-12-19 21:24 - 00000000 ____D C:\Program Files\Comodo

2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys

2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

2013-10-10 12:07 - 2013-09-27 17:12 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk

2013-10-10 12:06 - 2012-12-19 20:24 - 00000000 ___HD C:\$AVG

2013-10-09 00:55 - 2012-12-19 21:36 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2013-10-09 00:55 - 2012-12-19 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

 

==================== Bamital & volsnap Check =================

 

C:\Windows\explorer.exe

[2004-08-10 11:51] - [2007-06-13 10:23] - 1033216 ____A (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87 

 

C:\Windows\System32\winlogon.exe

[2004-08-10 11:51] - [2004-08-04 04:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 

 

C:\Windows\System32\svchost.exe

[2004-08-10 11:51] - [2004-08-04 04:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 

 

C:\Windows\System32\services.exe

[2004-08-10 11:51] - [2009-02-06 10:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd 

 

C:\Windows\System32\User32.dll

[2004-08-10 11:51] - [2007-03-08 15:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7 

 

C:\Windows\System32\userinit.exe

[2004-08-10 11:51] - [2004-08-04 04:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 

 

C:\Windows\System32\Drivers\volsnap.sys

[2004-08-10 11:51] - [2004-08-04 04:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 

 

 

==================== End Of Log ============================

attach.txt

[kevinf80]

Run the MGA Diagnostic Tool and post back the report it creates:

 

•  

   

• Download MGADiag from here: http://go.microsoft.com/fwlink/?linkid=52012 and save it to your desktop.

   

   

• Double-click on MGADiag.exe to launch the program

   

   

• Click "Continue"

   

   

• Ensure that the "Windows" tab is selected (it should be by default).

   

   

• Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

   

   

• Paste the MGA Diagnostic Report back here in your next reply.

   

   

[girlintrouble]

Hey there

Its genuine ;-)

 

Diagnostic Report (1.9.0027.0):

-----------------------------------------

Windows Validation Data-->

Validation Status: Genuine

Validation Code: 0

Cached Validation Code: N/A

Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT

Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=

Windows Product ID: 76477-OEM-2111907-00102

Windows Product ID Type: 2

Windows License Type: OEM SLP

Windows OS version: 5.1.2600.2.00010300.2.0.hom

ID: {59F5F760-AB9D-40D2-B136-435F575AC6F5}(1)

Is Admin: Yes

TestCab: 0x0

LegitcheckControl ActiveX: Registered, 1.5.540.0

Signed By: Microsoft

Product Name: N/A

Architecture: N/A

Build lab: N/A

TTS Error: N/A

Validation Diagnostic: 025D1FF3-230-1

Resolution Status: N/A

 

Vista WgaER Data-->

ThreatID(s): N/A

Version: N/A

 

Windows XP Notifications Data-->

Cached Result: 0

File Exists: Yes

Version: 1.5.540.0

WgaTray.exe Signed By: Microsoft

WgaLogon.dll Signed By: Microsoft

 

OGA Notifications Data-->

Cached Result: N/A, hr = 0x80070002

Version: N/A, hr = 0x80070002

OGAExec.exe Signed By: N/A, hr = 0x80070002

OGAAddin.dll Signed By: N/A, hr = 0x80070002

 

OGA Data-->

Office Status: 100 Genuine

Microsoft Visio Professional 2002 SR-1 [English] - 100 Genuine

Microsoft Office Enterprise 2007 - 100 Genuine

OGA Version: N/A, 0x80070002

Signed By: N/A, hr = 0x80070002

Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

 

Browser Data-->

Proxy settings: N/A

User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)

Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe

Download signed ActiveX controls: Prompt

Download unsigned ActiveX controls: Disabled

Run ActiveX controls and plug-ins: Allowed

Initialize and script ActiveX controls not marked as safe: Disabled

Allow scripting of Internet Explorer Webbrowser control: Disabled

Active scripting: Allowed

Script ActiveX controls marked as safe for scripting: Allowed

 

File Scan Data-->

 

Other data-->

Office Details: <GenuineResults><MachineData><UGUID>{59F5F760-AB9D-40D2-B136-435F575AC6F5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1724573143-1416609827-1520951156</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DXP051                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="3"/><Date>20060419000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>2A173F3701846077</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DXPO51</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90510409-6D54-11D4-BEE3-00C04F990354}"><LegitResult>100</LegitResult><Name>Microsoft Visio Professional 2002 SR-1 [English]</Name><Ver>10</Ver><Val>B07727A4C4B404C</Val><Hash>g7TU5cpk8XGUieJuay8QbOa4AXk=</Hash><Pid>54079-640-0000383-16068</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1DF4684CEE8B586</Val><Hash>0COS5gAhhspDMqHrtHQP/35EAvU=</Hash><Pid>89388-707-8049205-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="51" Version="10" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  

 

Licensing Data-->

N/A

 

Windows Activation Technologies-->

N/A

 

HWID Data-->

N/A

 

OEM Activation 1.0 Data-->

BIOS string matches: yes

Marker string from BIOS: 1ABD7:Dell Inc|1ABD7:Microsoft Corporation

Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

 

OEM Activation 2.0 Data-->

N/A

[kevinf80]

I`m not looking to see if its genuine, I already knew that from previous logs. I look to see if any reason why Service Pack 3 (SP3) is not on your system. Maybe you could tell me that?

 

Download and save mbam-clean.exe and save to your desktop from the following:

 

http://www.malwarebytes.org/mbam-clean.exe

 

Now do the following:

 

 

•   
  

   

     

• 
  
• Click on Start and select Control Panel
  

   

     

• 
  
• Open Add/Remove Programs
  

   

     

• 
  
• Uninstall Malwarebytes' Anti-Malware
  

   

     

• 
  
• Restart your computer, very important to do that!!
  

   

     

• 
  
• Run mbam-clean.exe
  

   

     

• 
  
• It will ask to restart your computer, please allow it to do so, very important!!
  

   

   

  Next, D/L and install Malwarebytes again and update as follows :-

   

  Please download Malwarebytes Anti-Malware and save it to your desktop.

   

  Double Click mbam-setup.exe to install the application.

   

   

• 
  
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  

   

   

• 
  
• If an update is found, it will download and install the latest version.
  

   

   

• 
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  

   

   

• 
  
• The scan may take some time to finish,so please be patient.
  

   

   

• 
  
• When the scan is complete, click OK, then Show Results to view the results.
  

   

   

• 
  
• Make sure that everything is checked, and click Remove Selected.
  

   

   

• 
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  

   

   

• 
  
• Please save the log to a location you will remember.
  

   

   

• 
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

   

   

• 
  
• Copy and paste the entire report in your next reply.
  

   

   

• 
  

 

 

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart

[girlintrouble]

Hi Kevin 

Sorry Im a bit confused by your instructions let me check I understood 

 

a You tell me to download mbamclean

b Then deisntall mwb in CP

c Reboot

d Then download from the link and reinstall from that etc...

 

Your instructions didnt tell em to run mbamclean, i thought it was for use later on but nothing later on pointed me to it

Or perhaps you did want me to tun it.?

Sorry if Im being a bit dim Id rather check than do it wrong and create confusion

 

SP3 may not be installed on this box. I have an nearly identical PC (def with SP3) which got screwed running some Comodo sw. I got this older box out of the loft, it probably didnt get updated

The box had been running fine for over a year without it though, this problem only occurred very recently

Thanks

[kevinf80]

You mention at the onset that Malwarebytes locks up when you scan, then it needs a hard shutdown. We already run FRST, no obvious malware in the logs.

 

I would like to totally remove, clean all traces then reinstall Malwarebytes, see if it will now run ok.... The instructions I posted definitely tell you to run mbam-clean.exe

[girlintrouble]

Oops sorry, my bad, dont know why I didnt see it.

 

BTW I do use Ccleaner regularly, not used it since yesterday, I noticed your site says not to use when trying to fix so I havent. 

Hopefully that hasnt deleted anything useful....!

Will do that and come back to you

[kevinf80]

Nothing wrong with CCleaner, has many very good functions....

[girlintrouble]

Hi there

I went through the destructions all went according to your suggestion

EXCEPT - when I came to re-run the scan I had exactly the same results it froze before 3 min, had to crash the machine

So same results as before, couldnt run a full scan.........

[girlintrouble]

Hmm funnily enough after a further reboot I managed to run my first successful express scan for days

It found 2 items: PUP.Optional.ExpressInstall.A

See log file below

 

I didnt try to use MWB quarantine etc> Thought it best to wait for further instructions.

Also the delayed shutdown problem also seems to be fixed!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.05.07

 

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 6.0.2900.2180

aisha :: DELLXP [administrator]

 

Protection: Enabled

 

06/11/2013 02:39:38

MBAM-log-2013-11-06 (02-58-28).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 244856

Time elapsed: 17 minute(s), 11 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE () -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Documents and Settings\aisha\My Documents\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.

 

(end)

[kevinf80]

Yes please re-run Malwarebytes and remove those entries,

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

• Ensure that Combofix is saved directly to the Desktop <--- Very important
   
  
• Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
   
  
• Close any open browsers and any other programs you might have running
   
  
• Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
   
  
• Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
   
  
• If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
   
  
• When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review
  

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller.co.uk/index.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*

• 
  

    If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin

[girlintrouble]

Do I need to de-active MWB or  Comodo firewall also? I take it I can turn off my internet while I do this?

[girlintrouble]

Sorry actually its windows firewall on my box (see above)

[girlintrouble]

OK I decided to go ahead and follow the instructions as best I could

I turned off AVG, Firewall and MWB

I ran the  ComboFix

It installed Windows recovery Console

Completed Stage 1 to 50 

Then it deleted 6 TMP files and seemed to get stuck

I waited about 20 min

Rebooted and found no log file.

 

Not sure what to do.

Can I turn on my FW and AVG?

[kevinf80]

Did you re-boot while Combofix was still running? If so please run it one more time, have patience CF scan time can be excessive if dealing with a stubborn infections

[girlintrouble]

It ran through this time

I have reactiveated Firewall, AVG and MWB, hope thats ok

If I need to deactivate pls advise

Here is the log file

Did it find stuff, I think it might have done I didnt watch the whole thing

 

Thanks

 

ComboFix 13-11-04.01 - aisha 06/11/2013  22:22:29.2.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 0:00]

Running from: c:\documents and settings\aisha\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\aisha\My Documents\~WRL0003.tmp

c:\documents and settings\aisha\My Documents\~WRL0005.tmp

c:\documents and settings\aisha\My Documents\~WRL3156.tmp

c:\windows\system32\SET380.tmp

c:\windows\system32\SET382.tmp

c:\windows\system32\SET38E.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))

.

.

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\aisha\Application Data\Malwarebytes

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-11-06 00:09 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-05 21:39 . 2013-11-05 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2013-11-05 20:32 . 2013-11-05 20:32 -------- d-----w- C:\FRST

2013-10-30 20:59 . 2008-05-30 14:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll

2013-10-30 20:55 . 2013-11-04 11:02 -------- d-----w- c:\windows\Logs

2013-10-21 00:39 . 2013-10-21 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO

2013-10-17 21:46 . 2013-10-17 21:46 -------- d-----w- c:\program files\Common Files\Skype

2013-10-17 19:20 . 2013-10-17 19:20 48392 ----a-w- c:\windows\system32\certsentry.dll

2013-10-17 15:04 . 2013-10-17 15:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 00:55 . 2012-12-19 21:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-09 00:55 . 2012-12-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-09-10 21:11 . 2012-09-21 03:45 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-08 21:12 . 2012-09-14 03:05 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-09-02 09:39 . 2012-10-02 03:30 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-09-02 09:28 . 2012-10-15 03:48 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-09-02 09:28 . 2012-10-22 13:02 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-08-20 21:54 . 2012-10-05 03:32 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-30 13:00 . 2013-10-03 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflict]

@="{458829D6-C79F-4A99-897C-0DA32AB1A619}"

[HKEY_CLASSES_ROOT\CLSID\{458829D6-C79F-4A99-897C-0DA32AB1A619}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflictUnsync]

@="{278A95EA-3EAE-4BCE-9986-0A86A98B1407}"

[HKEY_CLASSES_ROOT\CLSID\{278A95EA-3EAE-4BCE-9986-0A86A98B1407}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncUnsync]

@="{6E80B8CC-6741-4362-A7E1-467763FC6297}"

[HKEY_CLASSES_ROOT\CLSID\{6E80B8CC-6741-4362-A7E1-467763FC6297}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"= "c:\progra~1\BeInSync\BISShellEx.dll" [2007-06-04 138240]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk

backup=c:\windows\pss\Metacafe.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeInSync]

2007-06-04 16:19 424448 ----a-w- c:\program files\BeInSync\BeInSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-10-30 13:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCM Notify-Me]

2003-09-11 17:02 118784 ----a-w- c:\program files\TCM\NotifyMe.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BeInSync\\BeInSyncServer.exe"=

"c:\\My Downloads\\Skype\\Skype\\skype\\skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=

"c:\\WINDOWS\\Temp\\CMC_DRAGON\\restart_helper.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 145720]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 27448]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]

R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 209208]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 22840]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 176952]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 193848]

R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [28/10/2013 12:55 340432]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]

R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]

R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]

R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]

R2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]

S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]

S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]

S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55]

.

2013-11-06 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30]

.

2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]

.

2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aa

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aa

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi

FF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi

FF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpi

FF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi

FF - ExtSQL: !HIDDEN! 2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe

AddRemove-Registrar Registry Manager 5.62  (Lite Edition) - c:\program files\Registrar Registry Manager\unwise.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-11-06 22:47

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3672)

c:\progra~1\BeInSync\MSVCR71.dll

c:\progra~1\BeInSync\DPzlib1.dll

c:\progra~1\BeInSync\log4cpp.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wscntfy.exe

c:\windows\TEMP\CMC_DRAGON\restart_helper.exe

c:\windows\stsystra.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files\Windows Desktop Search\WindowsSearch.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2013-11-06  22:59:45 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-06 22:59

.

Pre-Run: 8,768,249,856 bytes free

Post-Run: 8,585,031,680 bytes free

.

- - End Of File - - B2C254DBFEC0081E857425B1FA4A6F67

5CB90281D1A59B251F6603134774EEC3

[kevinf80]

We continue:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the Run ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
  
• When asked, allow the add/on to be installed
  Click Start
  
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings, ensure the options
  
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
  
• wait for the virus definitions to be downloaded
  
• Wait for the scan to finish
  

 

When the scan is complete

 

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
  
• close program
  
• report to me that nothing was found
  

 

If threats were found

 

• click on "list of threats found"
  
• click on "export to text file" and save it as ESET SCAN and save to the desktop
  
• Click on back
  
• put a checkmark in "Uninstall application on close"
  
• click on finish
  

 

close program

 

copy and paste the report here

 

Let me see those logs, give an update on any current issues or concerns...

 

If these logs are clean we can go for SP3 update..

 

Kevin...

[girlintrouble]

This is the log for ComboFix

Will do remaining activity and return

Thanks Kevin

 

ComboFix 13-11-04.01 - aisha 07/11/2013  12:01:44.3.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1196 [GMT 0:00]

Running from: c:\documents and settings\aisha\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\aisha\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-07 to 2013-11-07  )))))))))))))))))))))))))))))))

.

.

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\aisha\Application Data\Malwarebytes

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-11-06 00:09 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-05 21:39 . 2013-11-05 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2013-11-05 20:32 . 2013-11-05 20:32 -------- d-----w- C:\FRST

2013-10-30 20:59 . 2008-05-30 14:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll

2013-10-30 20:55 . 2013-11-04 11:02 -------- d-----w- c:\windows\Logs

2013-10-21 00:39 . 2013-10-21 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO

2013-10-17 21:46 . 2013-10-17 21:46 -------- d-----w- c:\program files\Common Files\Skype

2013-10-17 19:20 . 2013-10-17 19:20 48392 ----a-w- c:\windows\system32\certsentry.dll

2013-10-17 15:04 . 2013-10-17 15:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 00:55 . 2012-12-19 21:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-10-09 00:55 . 2012-12-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys

2013-09-10 21:11 . 2012-09-21 03:45 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-09-08 21:12 . 2012-09-14 03:05 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-09-02 09:39 . 2012-10-02 03:30 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-09-02 09:28 . 2012-10-15 03:48 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-09-02 09:28 . 2012-10-22 13:02 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-08-20 21:54 . 2012-10-05 03:32 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-10-30 13:00 . 2013-10-03 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflict]

@="{458829D6-C79F-4A99-897C-0DA32AB1A619}"

[HKEY_CLASSES_ROOT\CLSID\{458829D6-C79F-4A99-897C-0DA32AB1A619}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflictUnsync]

@="{278A95EA-3EAE-4BCE-9986-0A86A98B1407}"

[HKEY_CLASSES_ROOT\CLSID\{278A95EA-3EAE-4BCE-9986-0A86A98B1407}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncUnsync]

@="{6E80B8CC-6741-4362-A7E1-467763FC6297}"

[HKEY_CLASSES_ROOT\CLSID\{6E80B8CC-6741-4362-A7E1-467763FC6297}]

2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]

"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2007-2-5 118784]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"= "c:\progra~1\BeInSync\BISShellEx.dll" [2007-06-04 138240]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk

backup=c:\windows\pss\Metacafe.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeInSync]

2007-06-04 16:19 424448 ----a-w- c:\program files\BeInSync\BeInSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2009-10-30 13:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCM Notify-Me]

2003-09-11 17:02 118784 ----a-w- c:\program files\TCM\NotifyMe.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\BeInSync\\BeInSyncServer.exe"=

"c:\\My Downloads\\Skype\\Skype\\skype\\skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 145720]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 27448]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]

R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 209208]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 22840]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 176952]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 193848]

R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [28/10/2013 12:55 340432]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]

R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]

R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]

R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]

S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]

S2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]

S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]

S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]

S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55]

.

2013-11-07 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30]

.

2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]

.

2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aa

IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aa

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi

FF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi

FF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpi

FF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi

FF - ExtSQL: !HIDDEN! 2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-11-07 12:23

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(4192)

c:\progra~1\BeInSync\MSVCR71.dll

c:\progra~1\BeInSync\DPzlib1.dll

c:\progra~1\BeInSync\log4cpp.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2013-11-07  12:26:44

ComboFix-quarantined-files.txt  2013-11-07 12:26

ComboFix2.txt  2013-11-06 22:59

.

Pre-Run: 8,544,833,536 bytes free

Post-Run: 8,561,889,280 bytes free

.

- - End Of File - - 4FCC9507AF75D47A5DB38498FBABD69F

5CB90281D1A59B251F6603134774EEC3

[kevinf80]

Ok, thanks for the update....

[girlintrouble]

Oops bad stuff found...which I guess AVG did not find!

Only issues with my machine are recently when I click shutdown on the menu it takes about 3 min for the shutdown choices dialog box come up. During this debug process it has worked immediately as normal on a few occasions but not on a few too.

The 2nd issue is sometimes when I leave the box alone for a few hours it starts the screensaver as expected but after some time it stops responding ie screen goes blank and does not respond I have 2 suspicions either / both may be incorrect, the room is quite hot, tends to happen then, maybe over heat, or driver issue. I do get the impression the box is alive under the dead window hard to explain, if I could remember the keystroke way to shutdown I suspect it would do a clean shutdown., These are trivial issues Ideally I need to rebuild this box as well as the box that got trashed using Comodo System Utilities.. Wld not recommend that product.

 

More to the point I have an external hard drive which has some of these files backed up on it. Id like to vaccinate it too ;-) 

Thanks for your input so far Kevin

 

 

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan

C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe a variant of Win32/KBM.A application

C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe a variant of Win32/Verti.A application

J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe Win32/InstalleRex.C application

J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan

J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe probably a variant of Win32/YourFileDownloader.A application

J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe a variant of Win32/Adware.MediaFinder.D application

[kevinf80]

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles
  
  

  :Filesipconfig /flushdns /cC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.phpC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.htmlC:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.phpC:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.htmlC:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exeC:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exeJ:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exeJ:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.htmlJ:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exeJ:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
 

Next,

 

Remove Combofix now that we're done with it

• 
  

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 
Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

The above procedure will delete the following:

• 
  

    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:_OtMoveIt folder, if present
    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.

 

It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs from OTM and Security Check. Also confirm CF uninstall ok...

 

Regarding the external HD, just delete the suspicious backups, no need to keep them. Make fresh backups when we are sure this system is clean.

 

Regarding the start up or shutdown issues, will be worth installing SP3 and see what difference that makes.

 

If no other issues go here: http://support.microsoft.com/kb/322389 expand the relevant section for instructions how to d/l and install SP3....

 

Kevin

[girlintrouble]

Hi Kevin

I ran the moveit thing

First time it just hung, had to reboot

Tried again then it worked.

I have NOT removed combofix yet ----->

 

Remember i mentioned an external hard drive with backed up files on. Surely that will reinfect my system unless i deal with that

Also have I just moved the infected files to another area rather than fix them??

 

Here is the log file from the moveit

Thanks

 

 

All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\aisha\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\aisha\Desktop\cmd.txt deleted successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php moved successfully.

C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.

C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe moved successfully.

C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe moved successfully.

J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe moved successfully.

J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.

J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe moved successfully.

J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: aisha

->Temp folder emptied: 77831 bytes

->Temporary Internet Files folder emptied: 162086 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 4136495 bytes

->Flash cache emptied: 2382050 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 4551820 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 5666730 bytes

->Flash cache emptied: 348 bytes

 

User: Lightscribe

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49353 bytes

->FireFox cache emptied: 1578567 bytes

->Flash cache emptied: 300 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Owner

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4544778 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 22.00 mb

 

 

OTM by OldTimer - Version 3.1.21.0 log created on 11082013_002523

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...