AnastasiaBN
Whoa, so as soon as I opened the Malwarebytes program (and yes, I have a paid version), my desktop was miraculously restored! How do I check if the protection modules are enabled? What do I need to click or unclick?
-
Hi, I logged onto my password-protected account, and I got stuck on the wallpaper screen again - the only way I can access any files at all whatever is by going to Task Explorer and go to Applications - File - Run. I was able to open my desktop and find the last file that I ran, it is the AdwCleaner file. I'm going to try the MBAM thing now.
-
Hi there, I am having a major problem. I do not recall what step I was on, but something has happened where I can no longer access my profile on my computer. Allow me to explain. I have two profiles on my laptop computer, one that is password protected and another that is not password protected. When my computer starts up, I am taken to the welcome screen with the two profiles. I have been downloading these applications and going through the steps on my protected profile, which is the one I use the vast majority of the time. But now, every time I enter my password for my protected profile, I am taken to a screen with my desktop wallpaper, but my profile never completely loads. I am simply stuck with a screen of my desktop wallpaper and an arrow that I can roll around the screen, but nothing happens. I have tried to log into my profile about a dozen times, and each time I get stuck. The only way I can leave the screen is by pressing CTRL+ALT+DELETE, logging off, and logging onto the other profile, from which I am writing now. I can enter the non-password protected profile with no problem. Can you help me? Do I need to go into the computer in safe mode or something? I am very concerned. All of my files are located on the password protected profile I cannot access.
-
Many thanks for your help! Here is the FRST.txt log. There is no Addition.txt log.
is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
-
Can someone help me please?
-
Hi, my computer is still slow. Can I get an update on what to do next please?
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by Natalia at 2014-08-27 13:12:34 Run:1
Running from C:\Documents and Settings\Natalia\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe
End
*****************
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe => Moved successfully.
==== End of Fixlog ====
-
Hi, can I get an update on what to do next please?
-
I hope this is what you are looking for?
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/19/2014
Scan Time: 2:26:07 PM
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.19.09
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Natalia
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320918
Time Elapsed: 1 hr, 27 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01 Ran by Natalia (administrator) on D56S2NG1 on 17-08-2014 17:32:07 Running from C:\Documents and Settings\Natalia\Desktop Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (SupportSoft, Inc.) 
C:\Program Files\Dell Support Center\bin\sprtsvc.exe () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE () C:\Program Files\Unlocker\UnlockerAssistant.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (SillySot Software) C:\Program Files\Iconoid\iconoid.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe (Zhorn Software) C:\Program Files\Stickies\stickies.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iTunes\iTunes.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Spotify Ltd) C:\Documents and Settings\Natalia\Application Data\Spotify\spotify.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Google Inc.) 
C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.179.3058.0.exe (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation) HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software) HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.) HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.) 
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google) HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software) HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.) HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.) HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google) HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.) 
HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {599be100-e233-11e0-a665-001fe16fe0eb} - F:\setup.exe -a Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass) Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google) BootExecute: autocheck autochk /r \??\C:autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!) 
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) 
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google) FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google) FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-13] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10] FF 
StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR StartupUrls: "hxxp://www.google.com/" CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter} CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03] CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01] CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01] CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01] CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01] CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01] CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01] 
CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01] CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01] CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06] CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01] CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01] CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01] CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01] CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01] CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01] CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26] CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and 
Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01] CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2014-08-01] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed] S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google) S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.) 
-
hi all, I'm infected! i'm not quite sure what has happened honestly, i haven't downloaded anything unusual. yesterday and today i started to notice that chrome was running slowly ... and then everything else - from itunes to 'my computer' to any other program - took a couple minutes to load. it's sluggish as all heck. i have an old school dell inspiron 1520 running on Windows XP; we've had our ups and downs, but it's always been reliable and good to me. happy to have found this, look forward to some help. enclosed please find the FRST.txt and Addition.txt logs. I await further instruction. thanks! Anastasia FRST.txt Addition.txt
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi! So, I uninstalled and reinstalled Adobe Flash and that seemed to do the trick for restoring the sound. Thanks. I uninstalled ComboFix and ran OTCleanIt. However, I still have things like ADWCleaner, HijackThis, and SecurityCheck on my desktop. Should I manually remove those? I also downloaded those security programs, so hopefully I'll be good to go!! -
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi there, I completed the DMA reset. Turns out one of the channels' transfer modes was stuck in "PIO Mode" so it rebooted back to the proper mode. My sound on iTunes, Explorer, and Firefox seems to be working fine now. Netflix on Chrome seems to be clear as well. However I am still experiencing some static on YouTube in Chrome. Also, when I click on my Device Manager, I actually have 2 Primary IDE Channel options. Not sure if this is normal. (see attachments.) -
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, I have not done these tasks above because I just experienced some new problems. I just started listening to some Youtube videos on Google Chrome and the sound is terrible. It sounds very jagged and punctuated with static. I tried Soundcloud, Netflix, and videos in Picasa in Chrome and I have the same issue. I tried these things in Firefox and the sound is also filled with static, although it is not as bad. Internet Explorer, surprisingly, sounds a lot better. I find it bizarre that my browsers would react differently to these sounds, but it is true! Google Chrome is by far the worst - I can hardly listen to anything on Chrome while on Explorer the music is at least bearable. I just tried iTunes and the sound is for the most part fine, with just a little bit of static here and there. This just started about a month ago. I believe I had downloaded some music manipulation software that brought me this original malware. Could it be that something rode in with the programs to cause this sound to deteriorate? The fact that the sound is unevenly playing through different browsers makes me think it is not just a Dell hardware speaker problem. Thanks for any help. -
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, I completed all of the tasks above. Computer is working fine - smooth and quick. Have not restarted but I look forward to a faster start process now that I have eliminated all those unneeded start-up entries. In any case, the ESET scan found one threat. Here it is: C:\Documents and Settings\Natalia\My Documents\Downloads\7zip_installer_d162802.exe probably a variant of Win32/InstallIQ application