Jump to content


Photo
- - - - -

Big Freeze Part Deux


  • This topic is locked This topic is locked
27 replies to this topic

#1 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 12:53 PM

Hi lovely peeps

I say this as the msg said you guys are volunteers so Ill start by saying thanks for being there. I hope someone can help

 

I posted: the following in your general help section>>

Hi there guys

Im running win XP,  running latest MWB with latest definitions. Recently I find it hangs and then I have to force shutdown my machine to regain control. Cringe  :( - really dont like doing that

 

I dont have any other problems on my machine, it runs an AVG scan from start to end no problem.

 

Today (now yesterday) I saw it found 2 infections, but I had to shutdown mid scan as it really seemed stuck...when I rebooted and looked in quarantine it was empty :(

 

Tried re-scanning but again it got stuck again.

 

Any suggestions would be gratefully accepted.

thanks :  :)

 

Firefox replied by suggesting I was infected and I should run DDS

 

Im attaching the output below.

Its and old machine but its been running ok generally
im not getting any other symptoms of infection other than after I tell it to shutdown it takes a while before the shutdown box opens

 

Hope you guys can help

Thanks

 

 

Attached Files



#2 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 05 November 2013 - 03:16 PM

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#3 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 03:30 PM

Hi Kevin
I just wanted to say the freeze occurs when I MWB scan, I think what I wrote didnt make that clear

Pls let me know if I should do something other than your suggestion.

Thanks 



#4 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 03:43 PM

You asked me to copy and paste FRST and ATTACH the addition file

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by aisha (administrator) on DELLXP on 05-11-2013 20:33:20
Running from C:\Documents and Settings\aisha\Desktop\MWB
Microsoft Windows XP Home Edition Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Sonic Solutions) C:\WINDOWS\System32\DLA\DLACTRLW.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
() C:\Program Files\Comodo\Dragon\dragon_updater.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Gteko Ltd.) C:\Program Files\Dell Support\DSAgnt.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
() C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Oracle Corporation) c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
() C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Microsoft Corporation) C:\WINDOWS\hh.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
(Comodo) C:\Program Files\Comodo\Dragon\dragon.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [339968 2005-03-22] (SigmaTel, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [139264 2005-06-17] (Intel Corporation)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [94208 2005-10-05] ()
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)
HKLM\...\Run: [DLA] - C:\WINDOWS\system32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-01-11] (Adobe Systems Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MBkLogOnHook] - C:\Program Files\McAfee\MBK\LogOnHook.exe
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-22] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EPSON Stylus Photo R300 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE [99840 2003-06-04] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263512 2012-11-30] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [143360 2006-12-23] (Nero AG)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-07-30] (Hewlett-Packard Company)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-06-09] (Google Inc.)
MountPoints2: {1d4a2752-ae09-11de-b4e9-0013721a5dff} - J:\AutoRun.exe
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
HKU\Guest\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [ 2004-07-19] (Gteko Ltd.)
HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2004-10-13] (Microsoft Corporation)
HKU\Guest\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2006-12-23] (Nero AG)
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL [ 2009-10-30] (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
ShortcutTarget: Windows Desktop Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=uk&l=en&s=gen
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del...c=uk&l=en&s=gen
SearchScopes: HKLM - DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = 
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...eb_chrome_us&p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...idpQ7pOTFycc?q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search...eb_chrome_us&p={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: BeInSync Toolbar Helper - {BB544049-306F-45B5-B719-CF9AB5A05B8E} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
Toolbar: HKLM - BeInSync - {4F2530BA-8C1D-4A6A-8BA0-74E93ADC9B12} - C:\Program Files\BeInSync\BISShellEx.dll (BeInSync)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU - BeInSync Toolbar - {1AC85D88-F777-471B-B541-48450C23F34D} - C:\Program Files\BeInSync Toolbar\v3.2.0.0\BeInSync_Toolbar.dll No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKCU - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin....nderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1159278959265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [294400 2007-02-05] (Microsoft Corporation)
ShellExecuteHooks: DPDblHook Class - {561F5138-43B1-45D9-AEC9-478C51C1BD09} - C:\PROGRA~1\BeInSync\BISShellEx.dll [138240 2007-06-04] (BeInSync)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default
FF user.js: detected! => C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\user.js
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\aisha\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\amazonbooksuk.xml
FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\freedictmedical.xml
FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: British English Dictionary - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: United States English Spellchecker - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: ColorZilla - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF Extension: azan-times - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\azan-times@hamid.net.xpi
FF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF Extension: izer - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\izer@camelcamelcamel.com.xpi
FF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF Extension: jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi
FF Extension: YoutubeDownloader - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\YoutubeDownloader@huangho.net76.net.xpi
FF Extension: aios - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: defaults - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
FF Extension: preferences - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi
FF Extension: Adblock Plus - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecord
FF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecord
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext
 
========================== Services (Whitelisted) =================
 
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()
S3 GoogleDesktopManager-093009-130223; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-10-30] (Google)
S2 gupdate1c8c8d8c2edac0a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-08-28] (Google Inc.)
R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S4 OracleJobSchedulerXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] ()
S3 OracleMTSRecoveryService; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation)
R2 OracleServiceXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation)
S3 OracleXEClrAgent; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] ()
R2 OracleXETNSListener; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] ()
S3 wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [5750784 2008-04-17] ()
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534440 2008-04-15] (Broadcom Corporation.)
R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [990632 2008-04-15] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)
R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)
R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)
R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)
R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)
R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)
R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)
R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)
R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)
R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)
S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)
S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)
S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)
S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15890 2007-02-04] (Meetinghouse Data Communications)
R1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2003-03-14] (PowerQuest Corporation)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [157264 2013-10-17] (Trusteer Ltd.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [230448 2013-10-17] (Trusteer Ltd.)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-11] (LG Electronics Inc.)
S3 AR5523; system32\DRIVERS\wg11tnd5.sys [x]
S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U3 mbr; \??\C:\DOCUME~1\aisha\LOCALS~1\Temp\mbr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST
2013-11-05 17:40 - 2013-11-05 20:32 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB
2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt
2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt
2013-10-30 21:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2013-10-30 21:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2013-10-30 21:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2013-10-30 21:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2013-10-30 21:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2013-10-30 21:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2013-10-30 21:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2013-10-30 21:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2013-10-30 21:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2013-10-30 21:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2013-10-30 21:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2013-10-30 21:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2013-10-30 21:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2013-10-30 21:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2013-10-30 21:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2013-10-30 21:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2013-10-30 21:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2013-10-30 21:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2013-10-30 21:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2013-10-30 21:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2013-10-30 21:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2013-10-30 21:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2013-10-30 21:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2013-10-30 21:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2013-10-30 21:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2013-10-30 21:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2013-10-30 21:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2013-10-30 21:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2013-10-30 21:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2013-10-30 21:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2013-10-30 21:00 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2013-10-30 21:00 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2013-10-30 21:00 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2013-10-30 21:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2013-10-30 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2013-10-30 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2013-10-30 21:00 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2013-10-30 21:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2013-10-30 21:00 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2013-10-30 21:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2013-10-30 21:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2013-10-30 21:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2013-10-30 21:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2013-10-30 20:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2013-10-30 20:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2013-10-30 20:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2013-10-30 20:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2013-10-30 20:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2013-10-30 20:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2013-10-30 20:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2013-10-30 20:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2013-10-30 20:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2013-10-30 20:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2013-10-30 20:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2013-10-30 20:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2013-10-30 20:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2013-10-30 20:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2013-10-30 20:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2013-10-30 20:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2013-10-30 20:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2013-10-30 20:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2013-10-30 20:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2013-10-30 20:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2013-10-30 20:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2013-10-30 20:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2013-10-30 20:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2013-10-30 20:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2013-10-30 20:59 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2013-10-30 20:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2013-10-30 20:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2013-10-30 20:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2013-10-30 20:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2013-10-30 20:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2013-10-30 20:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2013-10-30 20:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2013-10-30 20:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2013-10-30 20:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2013-10-30 20:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2013-10-30 20:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2013-10-30 20:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2013-10-30 20:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2013-10-30 20:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2013-10-30 20:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2013-10-30 20:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2013-10-30 20:59 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll
2013-10-30 20:59 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2013-10-30 20:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2013-10-30 20:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2013-10-30 20:59 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-20 13:19 - 2013-11-05 20:14 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
 
==================== One Month Modified Files and Folders =======
 
2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST
2013-11-05 20:32 - 2013-11-05 17:40 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB
2013-11-05 20:29 - 2009-09-30 21:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 20:14 - 2013-10-20 13:19 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-05 19:55 - 2012-12-19 21:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-05 18:08 - 2012-12-19 20:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt
2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt
2013-11-05 17:31 - 2013-07-28 21:40 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-11-05 15:23 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\Google
2013-11-05 14:31 - 2013-04-14 16:10 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\My Kindle Content
2013-11-05 11:34 - 2004-08-10 11:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-05 11:31 - 2004-08-10 11:59 - 00000236 _____ C:\WINDOWS\wiadebug.log
2013-11-05 11:31 - 2004-08-10 11:59 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-05 11:30 - 2009-09-30 21:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 11:30 - 2006-05-31 16:58 - 00050257 _____ C:\WINDOWS\system32\nvapps.xml
2013-11-05 11:30 - 2004-08-10 12:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-05 02:10 - 2004-08-10 12:08 - 00032496 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-05 02:07 - 2006-06-09 11:34 - 00000178 ___SH C:\Documents and Settings\aisha\ntuser.ini
2013-11-05 02:07 - 2006-06-09 11:34 - 00000000 ____D C:\Documents and Settings\aisha
2013-11-04 21:35 - 2007-12-10 21:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Google Updater
2013-11-04 21:20 - 2012-12-19 20:30 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-11-04 21:20 - 2012-12-19 20:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-11-04 10:42 - 2012-12-19 19:17 - 00000000 ____D C:\Documents and Settings\aisha\My Documents\2012
2013-11-03 02:20 - 2006-07-28 19:26 - 00000000 ____D C:\Documents and Settings\aisha\Application Data\Skype
2013-11-02 16:25 - 2013-01-23 01:53 - 00013967 _____ C:\Documents and Settings\aisha\Desktop\HALIFAX.odt
2013-10-30 21:00 - 2004-08-10 12:02 - 00000000 ____D C:\WINDOWS\system32\DirectX
2013-10-30 20:58 - 2004-08-10 12:09 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-28 12:52 - 2013-09-26 22:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2013-10-27 11:14 - 2004-08-10 11:57 - 00557242 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-24 17:30 - 2006-08-02 20:57 - 00046592 ____C C:\Documents and Settings\aisha\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-18 23:39 - 2013-04-02 12:25 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\ESA
2013-10-18 02:25 - 2012-12-19 19:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-18 02:17 - 2012-12-19 20:40 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-10-18 02:17 - 2012-12-19 20:40 - 00000000 ____D C:\Program Files\CCleaner
2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe
2013-10-18 02:14 - 2013-10-03 18:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2013-10-17 21:46 - 2007-03-15 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-17 21:46 - 2006-07-28 19:26 - 00000000 ___RD C:\Program Files\Skype
2013-10-17 19:25 - 2012-12-20 01:33 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2013-10-17 19:20 - 2012-12-19 21:25 - 00000000 ____D C:\Documents and Settings\aisha\Local Settings\Application Data\COMODO
2013-10-17 19:19 - 2012-12-19 21:24 - 00000000 ____D C:\Program Files\Comodo
2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2013-10-10 12:07 - 2013-10-10 12:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-10 12:07 - 2013-09-27 17:12 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2013-10-10 12:06 - 2012-12-19 20:24 - 00000000 ___HD C:\$AVG
2013-10-09 00:55 - 2012-12-19 21:36 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 00:55 - 2012-12-19 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe
[2004-08-10 11:51] - [2007-06-13 10:23] - 1033216 ____A (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87 
 
C:\Windows\System32\winlogon.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe 
 
C:\Windows\System32\svchost.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 
 
C:\Windows\System32\services.exe
[2004-08-10 11:51] - [2009-02-06 10:22] - 0110592 ____A (Microsoft Corporation) 4712531ab7a01b7ee059853ca17d39bd 
 
C:\Windows\System32\User32.dll
[2004-08-10 11:51] - [2007-03-08 15:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7 
 
C:\Windows\System32\userinit.exe
[2004-08-10 11:51] - [2004-08-04 04:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff 
 
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-10 11:51] - [2004-08-04 04:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b 
 
 
==================== End Of Log ============================

Attached Files



#5 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 05 November 2013 - 04:35 PM

Run the MGA Diagnostic Tool and post back the report it creates:

 

  •  

     

  • Download MGADiag from here: http://go.microsoft....k/?linkid=52012 and save it to your desktop.

     

     

  • Double-click on MGADiag.exe to launch the program

     

     

  • Click "Continue"

     

     

  • Ensure that the "Windows" tab is selected (it should be by default).

     

     

  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

     

     

  • Paste the MGA Diagnostic Report back here in your next reply.

     

     


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#6 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 04:42 PM

Hey there

Its genuine ;-)

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-GD6GR-K6DP3-4C8MT
Windows Product Key Hash: s2kt66ZJWfV4nS1wFD5F9bxTSDw=
Windows Product ID: 76477-OEM-2111907-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {59F5F760-AB9D-40D2-B136-435F575AC6F5}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.5.540.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
 
Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 100 Genuine
Microsoft Visio Professional 2002 SR-1 [English] - 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{59F5F760-AB9D-40D2-B136-435F575AC6F5}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4C8MT</PKey><PID>76477-OEM-2111907-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-1724573143-1416609827-1520951156</SID><SYSTEM><Manufacturer>Dell Inc.                </Manufacturer><Model>Dell DXP051                  </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.                </Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="3"/><Date>20060419000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>2A173F3701846077</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Dimension DXPO51</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.5.540.0"/><File Name="WgaLogon.dll" Version="1.5.540.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90510409-6D54-11D4-BEE3-00C04F990354}"><LegitResult>100</LegitResult><Name>Microsoft Visio Professional 2002 SR-1 [English]</Name><Ver>10</Ver><Val>B07727A4C4B404C</Val><Hash>g7TU5cpk8XGUieJuay8QbOa4AXk=</Hash><Pid>54079-640-0000383-16068</Pid><PidType>14</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1DF4684CEE8B586</Val><Hash>0COS5gAhhspDMqHrtHQP/35EAvU=</Hash><Pid>89388-707-8049205-65831</Pid><PidType>14</PidType></Product></Products><Applications><App Id="51" Version="10" Result="100"/><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>  
 
Licensing Data-->
N/A
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
N/A
 
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1ABD7:Dell Inc|1ABD7:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System
 
OEM Activation 2.0 Data-->
N/A


#7 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 05 November 2013 - 04:51 PM

I`m not looking to see if its genuine, I already knew that from previous logs. I look to see if any reason why Service Pack 3 (SP3) is not on your system. Maybe you could tell me that?

 

Download and save mbam-clean.exe and save to your desktop from the following:

 

http://www.malwareby.../mbam-clean.exe

 

Now do the following:

 

 

  •   

     

       


  • Click on Start and select Control Panel

     

       


  • Open Add/Remove Programs

     

       


  • Uninstall Malwarebytes' Anti-Malware

     

       


  • Restart your computer, very important to do that!!

     

       


  • Run mbam-clean.exe

     

       


  • It will ask to restart your computer, please allow it to do so, very important!!

     

     

    Next, D/L and install Malwarebytes again and update as follows :-

     

    mbamicontw5.gif Please download Malwarebytes Anti-Malware and save it to your desktop.

     

    Double Click mbam-setup.exe to install the application.

     

     


  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.

     

     


  • If an update is found, it will download and install the latest version.

     

     


  • Once the program has loaded, select "Perform Quick Scan", then click Scan.

     

     


  • The scan may take some time to finish,so please be patient.

     

     


  • When the scan is complete, click OK, then Show Results to view the results.

     

     


  • Make sure that everything is checked, and click Remove Selected.

     

     


  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

     

     


  • Please save the log to a location you will remember.

     

     


  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

     

     


  • Copy and paste the entire report in your next reply.

     

     


 

 

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#8 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 05:10 PM

Hi Kevin 

Sorry Im a bit confused by your instructions let me check I understood 

 

a You tell me to download mbamclean

b Then deisntall mwb in CP

c Reboot

d Then download from the link and reinstall from that etc...

 

Your instructions didnt tell em to run mbamclean, i thought it was for use later on but nothing later on pointed me to it

Or perhaps you did want me to tun it.?

Sorry if Im being a bit dim Id rather check than do it wrong and create confusion

 

SP3 may not be installed on this box. I have an nearly identical PC (def with SP3) which got screwed running some Comodo sw. I got this older box out of the loft, it probably didnt get updated

The box had been running fine for over a year without it though, this problem only occurred very recently

Thanks



#9 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 05 November 2013 - 05:22 PM

You mention at the onset that Malwarebytes locks up when you scan, then it needs a hard shutdown. We already run FRST, no obvious malware in the logs.

 

I would like to totally remove, clean all traces then reinstall Malwarebytes, see if it will now run ok.... The instructions I posted definitely tell you to run mbam-clean.exe


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#10 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 06:47 PM

Oops sorry, my bad, dont know why I didnt see it.

 

BTW I do use Ccleaner regularly, not used it since yesterday, I noticed your site says not to use when trying to fix so I havent. 

Hopefully that hasnt deleted anything useful....!

Will do that and come back to you



#11 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 05 November 2013 - 07:16 PM

Nothing wrong with CCleaner, has many very good functions....


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#12 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 07:51 PM

Hi there

I went through the destructions ;) all went according to your suggestion

EXCEPT - when I came to re-run the scan I had exactly the same results it froze before 3 min, had to crash the machine

So same results as before, couldnt run a full scan.........



#13 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 05 November 2013 - 10:09 PM

Hmm funnily enough after a further reboot I managed to run my first successful express scan for days

It found 2 items: PUP.Optional.ExpressInstall.A

See log file below

 

I didnt try to use MWB quarantine etc> Thought it best to wait for further instructions.

Also the delayed shutdown problem also seems to be fixed!

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.05.07
 
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
aisha :: DELLXP [administrator]
 
Protection: Enabled
 
06/11/2013 02:39:38
MBAM-log-2013-11-06 (02-58-28).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244856
Time elapsed: 17 minute(s), 11 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE () -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Documents and Settings\aisha\My Documents\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.
 
(end)


#14 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 06 November 2013 - 04:58 AM

Yes please re-run Malwarebytes and remove those entries,

 

Next,

 

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

 

http://download.blee...Bs/ComboFix.exe

 

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

     

  • Disable all security programs as they will have a negative effect on Combofix, instructions available here  http://www.bleepingc...opic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

     

  • Close any open browsers and any other programs you might have running

     

  • Double click the combofix.gif icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)

     

  • Instructions for running Combofix available here http://www.bleepingc...to-use-combofix if required.

     

  • If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

     

  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

 

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

 

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here  http://thespykiller....dex.php?page=20 why  disabling autoruns is recommended.

 

*EXTRA NOTES*

  •    

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.

       

  • If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal

       

  • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

 

Post the log in next reply please...

 

Kevin


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#15 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 06 November 2013 - 11:54 AM

Do I need to de-active MWB or  Comodo firewall also? I take it I can turn off my internet while I do this?



#16 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 06 November 2013 - 12:00 PM

Sorry actually its windows firewall on my box (see above)



#17 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 06 November 2013 - 01:06 PM

OK I decided to go ahead and follow the instructions as best I could

I turned off AVG, Firewall and MWB

I ran the  ComboFix

It installed Windows recovery Console

Completed Stage 1 to 50 

Then it deleted 6 TMP files and seemed to get stuck

I waited about 20 min

Rebooted and found no log file.

 

Not sure what to do.

Can I turn on my FW and AVG?



#18 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 06 November 2013 - 04:37 PM

Did you re-boot while Combofix was still running? If so please run it one more time, have patience CF scan time can be excessive if dealing with a stubborn infections


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image

#19 girlintrouble

girlintrouble

    New Member

  • Members
  • Pip
  • 17 posts

Posted 06 November 2013 - 06:08 PM

It ran through this time

I have reactiveated Firewall, AVG and MWB, hope thats ok

If I need to deactivate pls advise

Here is the log file

Did it find stuff, I think it might have done I didnt watch the whole thing

 

Thanks

 

ComboFix 13-11-04.01 - aisha 06/11/2013  22:22:29.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1280 [GMT 0:00]
Running from: c:\documents and settings\aisha\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\aisha\My Documents\~WRL0003.tmp
c:\documents and settings\aisha\My Documents\~WRL0005.tmp
c:\documents and settings\aisha\My Documents\~WRL3156.tmp
c:\windows\system32\SET380.tmp
c:\windows\system32\SET382.tmp
c:\windows\system32\SET38E.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-06 to 2013-11-06  )))))))))))))))))))))))))))))))
.
.
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\aisha\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-11-06 00:09 . 2013-11-06 00:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-06 00:09 . 2013-04-04 14:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-05 21:39 . 2013-11-05 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-11-05 20:32 . 2013-11-05 20:32 -------- d-----w- C:\FRST
2013-10-30 20:59 . 2008-05-30 14:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2013-10-30 20:55 . 2013-11-04 11:02 -------- d-----w- c:\windows\Logs
2013-10-21 00:39 . 2013-10-21 00:39 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2013-10-17 21:46 . 2013-10-17 21:46 -------- d-----w- c:\program files\Common Files\Skype
2013-10-17 19:20 . 2013-10-17 19:20 48392 ----a-w- c:\windows\system32\certsentry.dll
2013-10-17 15:04 . 2013-10-17 15:04 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 00:55 . 2012-12-19 21:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 00:55 . 2012-12-19 21:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-25 19:57 . 2013-08-01 15:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-10 21:11 . 2012-09-21 03:45 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 21:12 . 2012-09-14 03:05 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 09:39 . 2012-10-02 03:30 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 09:28 . 2012-10-15 03:48 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 09:28 . 2012-10-22 13:02 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 09:28 . 2012-09-21 03:46 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-20 21:54 . 2012-10-05 03:32 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-30 13:00 . 2013-10-03 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflict]
@="{458829D6-C79F-4A99-897C-0DA32AB1A619}"
[HKEY_CLASSES_ROOT\CLSID\{458829D6-C79F-4A99-897C-0DA32AB1A619}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncConflictUnsync]
@="{278A95EA-3EAE-4BCE-9986-0A86A98B1407}"
[HKEY_CLASSES_ROOT\CLSID\{278A95EA-3EAE-4BCE-9986-0A86A98B1407}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BeInSyncUnsync]
@="{6E80B8CC-6741-4362-A7E1-467763FC6297}"
[HKEY_CLASSES_ROOT\CLSID\{6E80B8CC-6741-4362-A7E1-467763FC6297}]
2007-06-04 16:19 138240 ----a-w- c:\progra~1\BeInSync\BISShellEx.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-01 7561216]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-14 596584]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2007-2-5 118784]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{561F5138-43B1-45D9-AEC9-478C51C1BD09}"= "c:\progra~1\BeInSync\BISShellEx.dll" [2007-06-04 138240]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeInSync]
2007-06-04 16:19 424448 ----a-w- c:\program files\BeInSync\BeInSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-10-30 13:00 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCM Notify-Me]
2003-09-11 17:02 118784 ----a-w- c:\program files\TCM\NotifyMe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BeInSync\\BeInSyncServer.exe"=
"c:\\My Downloads\\Skype\\Skype\\skype\\skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\WINDOWS\\Temp\\CMC_DRAGON\\restart_helper.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15/10/2012 03:48 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14/09/2012 03:05 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [17/10/2013 15:04 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 15:06 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/10/2012 13:02 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21/09/2012 03:45 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [02/10/2012 03:30 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21/09/2012 03:46 193848]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [28/10/2013 12:55 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [17/10/2013 15:04 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/10/2013 15:04 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [03/10/2013 21:00 3538480]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]
R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
R2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]
S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55]
.
2013-11-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]
.
2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aa
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aa
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpi
FF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpi
FF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF - ExtSQL: !HIDDEN! 2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exe
AddRemove-Registrar Registry Manager 5.62  (Lite Edition) - c:\program files\Registrar Registry Manager\unwise.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-06 22:47
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3672)
c:\progra~1\BeInSync\MSVCR71.dll
c:\progra~1\BeInSync\DPzlib1.dll
c:\progra~1\BeInSync\log4cpp.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\TEMP\CMC_DRAGON\restart_helper.exe
c:\windows\stsystra.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2013-11-06  22:59:45 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-06 22:59
.
Pre-Run: 8,768,249,856 bytes free
Post-Run: 8,585,031,680 bytes free
.
- - End Of File - - B2C254DBFEC0081E857425B1FA4A6F67
5CB90281D1A59B251F6603134774EEC3


#20 kevinf80

kevinf80

    Forum Deity

  • Trusted Advisors
  • PipPipPipPipPipPip
  • 4,967 posts
  • Gender:Male
  • Location:Sunderland. UK

Posted 07 November 2013 - 04:34 AM

We continue:

 

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

ClearJavaCache::

 

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

CF3.jpg

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Next,

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan

  • click on the Run ESET Online Scanner button

  • Tick the box next to YES, I accept the Terms of Use.

    Click Start

  • When asked, allow the add/on to be installed

    Click Start

  • Make sure that the option Remove found threats is unticked

  • Click on Advanced Settings, ensure the options

  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    Click Scan

  • wait for the virus definitions to be downloaded

  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found

  • put a checkmark in "Uninstall application on close"

  • close program

  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"

  • click on "export to text file" and save it as ESET SCAN and save to the desktop

  • Click on back

  • put a checkmark in "Uninstall application on close"

  • click on finish

 

close program

 

copy and paste the report here

 

Let me see those logs, give an update on any current issues or concerns...

 

If these logs are clean we can go for SP3 update..

 

Kevin...


Posted Image Posted Image
If you are satisfied with my help, consider a donation. Thank you...
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users