AnastasiaBN
Everything posted by AnastasiaBN
-
Whoa, so as soon as I opened the Malwarebytes program (and yes, I have a paid version), my desktop was miraculously restored! How do I check if the protection modules are enabled? What do I need to click or unclick?
-
Hi, I logged onto my password-protected account, and I got stuck on the wallpaper screen again - the only way I can access any files at all is by going to Task Explorer and going to Applications - File - Run. I was able to open my desktop and find the last file that I ran; it is the AdwCleaner file. I'm going to try the MBAM thing now.

# AdwCleaner v3.311 - Report created 02/10/2014 at 05:34:05
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Natalia - D56S2NG1
# Running from : C:\Documents and Settings\Natalia\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
[!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
[!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\SimplyGen

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\4aarq8xi.default\prefs.js ]

[ File : C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2608 octets] - [01/10/2014 23:46:25]
AdwCleaner[s0].txt - [2573 octets] - [02/10/2014 05:34:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2633 octets] ##########
-
Hi there, I am having a major problem. I do not recall what step I was on, but something has happened where I can no longer access my profile on my computer. Allow me to explain. I have two profiles on my laptop computer, one that is password protected and another that is not password protected. When my computer starts up, I am taken to the welcome screen with the two profiles. I have been downloading these applications and going through the steps on my protected profile, which is the one I use the vast majority of the time. But now, every time I enter my password for my protected profile, I am taken to a screen with my desktop wallpaper, but my profile never completely loads. I am simply stuck with a screen of my desktop wallpaper and an arrow that I can roll around the screen, but nothing happens. I have tried to log into my profile about a dozen times, and each time I get stuck. The only way I can leave the screen is by pressing CTRL+ALT+DELETE, logging off, and logging onto the other profile, from which I am writing now. I can enter the non-password-protected profile with no problem. Can you help me? Do I need to go into the computer in safe mode or something? I am very concerned. All of my files are located on the password-protected profile I cannot access.
-
Many thanks for your help! Here is the FRST.txt log. There is no Addition.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2014
Ran by Natalia (administrator) on D56S2NG1 on 30-09-2014 22:51:40
Running from C:\Documents and Settings\Natalia\Desktop
Loaded Profile: Natalia (Available profiles: Natalia & John)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SillySot Software) C:\Program Files\Iconoid\iconoid.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Zhorn Software) C:\Program Files\Stickies\stickies.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-09] (Synaptics, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2183168 2008-05-15] (Dell Inc.)
HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1245184 2008-02-22] (Dell Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (Show the YouTube Channel bar or the name.) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]
CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]
CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]
CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]
CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]
CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]
CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]
CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]
CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]
CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]
CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]
CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]
CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx []
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-30] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 22:51 - 2014-09-30 22:52 - 00025610 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt
2014-09-30 22:49 - 2014-09-30 22:49 - 01100288 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe
2014-09-11 10:18 - 2014-09-11 10:18 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 22:52 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp
2014-09-30 22:51 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST
2014-09-30 22:49 - 2014-08-13 03:04 - 00000000 ____D () C:\Mozilla Firefox
2014-09-30 22:46 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-09-30 22:40 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive
2014-09-30 22:39 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 22:39 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies
2014-09-30 22:39 - 2004-08-10 14:02 - 01818696 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-30 22:38 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-30 22:36 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-30 22:36 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-30 22:36 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-30 22:34 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini
2014-09-30 22:34 - 2004-08-10 14:08 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-30 22:21 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job
2014-09-30 22:19 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp
2014-09-30 22:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-29 21:55 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia
2014-09-29 21:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 20:43 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-29 20:18 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-29 20:17 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-22 02:41 - 2013-01-11 21:24 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-19 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-09-19 12:30 - 2009-10-06 17:53 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Policy and Projects
2014-09-19 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job
2014-09-17 19:41 - 2008-07-28 13:33 - 00221184 _____ () C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 09:10 - 2010-01-10 17:58 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Speeches
2014-09-15 09:02 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 09:01 - 2008-08-09 09:27 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 10:19 - 2013-01-10 23:24 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-11 10:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-31 19:59 - 2013-08-14 18:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== Bamital & volsnap Check =================

(There
is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
-
Can someone help me please?
-
Hi, my computer is still slow. Can I get an update on what to do next please?
-
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
Ran by Natalia at 2014-08-27 13:12:34 Run:1
Running from C:\Documents and Settings\Natalia\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe
C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe
End
*****************

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe => Moved successfully.
C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe => Moved successfully.

==== End of Fixlog ====
-
Hi, can I get an update on what to do next please?
-
I hope this is what you are looking for?

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/19/2014
Scan Time: 2:26:07 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.19.09
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Natalia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320918
Time Elapsed: 1 hr, 27 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Natalia (administrator) on D56S2NG1 on 17-08-2014 17:32:07
Running from C:\Documents and Settings\Natalia\Desktop
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SillySot Software) C:\Program Files\Iconoid\iconoid.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Zhorn Software) C:\Program Files\Stickies\stickies.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Documents and Settings\Natalia\Application Data\Spotify\spotify.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.179.3058.0.exe
(Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {599be100-e233-11e0-a665-001fe16fe0eb} - F:\setup.exe -a
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]
CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]
CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]
CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]
CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]
CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]
CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]
CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]
CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]
CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]
CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]
CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2014-08-01]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 17:32 - 2014-08-17 17:34 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt
2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion
2014-08-13 02:59 - 2014-08-17 17:32 - 00000000 ____D () C:\FRST
2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk
2014-08-13 02:51 - 2014-08-17 17:31 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-17 17:34 - 2014-08-17 17:32 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt
2014-08-17 17:34 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp
2014-08-17 17:32 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST
2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion
2014-08-17 17:31 - 2014-08-13 02:51 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe
2014-08-17 17:31 - 2014-04-02 18:26 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\2014
2014-08-17 17:31 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\Spotify
2014-08-17 17:31 - 2004-08-10 14:02 - 02090609 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-17 17:20 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job
2014-08-17 17:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-16 15:46 - 2004-08-10 13:59 - 00000211 _____ () C:\WINDOWS\wiadebug.log
2014-08-16 15:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 12:52 - 2008-06-23 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-16 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-08-16 12:32 - 2004-08-10 14:08 - 00032428 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-16 12:25 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-08-16 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job
2014-08-16 12:12 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-16 12:12 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 12:12 - 2008-08-09 09:27 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-15 01:48 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Application Data\Spotify
2014-08-15 00:33 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-13 03:07 - 2014-07-04 11:21 - 00000000 ____D () C:\Mozilla Firefox
2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk
2014-08-13 02:37 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-08-13 02:30 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive
2014-08-13 02:28 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp
2014-08-13 02:27 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-13 02:27 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-08-02 14:39 - 2014-06-17 02:14 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\files
2014-08-02 14:38 - 2013-12-31 22:07 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\vlc
2014-08-02 14:36 - 2008-07-28 13:33 - 00216064 _____ () C:\Documents and Settings\Natalia\Local
Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-01 15:52 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-01 14:28 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies 2014-08-01 14:03 - 2011-08-30 20:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-01 14:03 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-08-01 14:02 - 2013-12-28 17:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$ 2014-07-29 22:32 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini 2014-07-29 22:32 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia 2014-07-28 18:51 - 2011-08-30 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 2014-07-24 20:17 - 2014-07-04 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-24 20:17 - 2014-07-04 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-07-20 19:19 - 2013-01-10 23:24 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2014-07-20 19:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2014-07-20 19:15 - 2014-04-13 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive Some content of TEMP: ==================== C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe ==================== Bamital & volsnap Check 
================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
-
Hi all, I'm infected! I'm not quite sure what has happened honestly, I haven't downloaded anything unusual. Yesterday and today I started to notice that Chrome was running slowly ... and then everything else - from iTunes to 'My Computer' to any other program - took a couple minutes to load. It's sluggish as all heck. I have an old school Dell Inspiron 1520 running on Windows XP; we've had our ups and downs, but it's always been reliable and good to me. Happy to have found this, look forward to some help. Enclosed please find the FRST.txt and Addition.txt logs. I await further instruction. Thanks! Anastasia
FRST.txt Addition.txt
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi! So, I uninstalled and reinstalled Adobe Flash and that seemed to do the trick for restoring the sound. Thanks. I uninstalled ComboFix and ran OTCleanIt. However, I still have things like AdwCleaner, HijackThis, and SecurityCheck on my desktop. Should I manually remove those? I also downloaded those security programs, so hopefully I'll be good to go!!
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi there, I completed the DMA reset. Turns out one of the channels' transfer modes was stuck in "PIO Mode", so it rebooted back to the proper mode. My sound on iTunes, Explorer, and Firefox seems to be working fine now. Netflix on Chrome seems to be clear as well. However, I am still experiencing some static on YouTube in Chrome. Also, when I click on my Device Manager, I actually have 2 Primary IDE Channel options. Not sure if this is normal. (See attachments.)
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, I have not done these tasks above because I just experienced some new problems. I just started listening to some YouTube videos on Google Chrome and the sound is terrible. It sounds very jagged and punctuated with static. I tried SoundCloud, Netflix, and videos in Picasa in Chrome and I have the same issue. I tried these things in Firefox and the sound is also filled with static, although it is not as bad. Internet Explorer, surprisingly, sounds a lot better. I find it bizarre that my browsers would react differently to these sounds, but it is true! Google Chrome is by far the worst - I can hardly listen to anything on Chrome, while on Explorer the music is at least bearable. I just tried iTunes and the sound is for the most part fine, with just a little bit of static here and there. This just started about a month ago. I believe I had downloaded some music manipulation software that brought me this original malware. Could it be that something rode in with the programs to cause this sound to deteriorate? The fact that the sound is unevenly playing through different browsers makes me think it is not just a Dell hardware speaker problem. Thanks for any help.
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, I completed all of the tasks above. Computer is working fine - smooth and quick. Have not restarted, but I look forward to a faster start process now that I have eliminated all those unneeded start-up entries. In any case, the ESET scan found one threat. Here it is:
C:\Documents and Settings\Natalia\My Documents\Downloads\7zip_installer_d162802.exe probably a variant of Win32/InstallIQ application
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Here are the logs from MBAM and HijackThis. I also completed all the other tasks with no problems. My computer seems to be running faster than ever. Wonderful! Thank you for the tips.

MBAM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Natalia :: D56S2NG1 [administrator]

1/6/2013 7:58:00 PM
mbam-log-2013-01-06 (19-58-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229941
Time elapsed: 23 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:23:06 PM, on 1/6/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iconoid\iconoid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Natalia\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9951982642bf6) (gupdate1c9951982642bf6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13425 bytes
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Here is the new ComboFix report. My computer seems to be working fine! It's back to moving quickly between programs and there are no unnecessary delays when using a program. Did the reports turn up any specific virus or malware? Is there anything I need to be worried about, such as compromising of personal information? Thank you so much for your help! Y'all are great.

ComboFix 13-01-05.01 - Natalia 01/06/2013 17:45:30.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3574.2887 [GMT -5:00]
Running from: c:\documents and settings\Natalia\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Natalia\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-05 17:14 . 2013-01-05 17:15 -------- d-----w- c:\windows\LastGood
2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----w- c:\program files\Common Files\Skype
2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----r- c:\program files\Skype
2012-12-19 01:26 . 2012-12-19 01:26 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\Sun
2012-12-18 23:38 . 2012-12-18 23:35 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-18 23:38 . 2012-12-18 23:35 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-18 23:37 . 2012-12-18 23:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-17 06:31 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-12-15 18:58 . 2012-12-15 18:58 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\ESET
2012-12-13 04:31 . 2013-01-05 17:15 -------- d-----w- c:\program files\ESET
2012-12-11 02:50 . 2012-12-11 02:56 -------- d-----w- c:\program files\DVDVideoSoft
2012-12-11 02:50 . 2012-12-11 02:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-12-11 02:49 . 2012-12-11 03:00 -------- d-----w- c:\documents and settings\Natalia\Application Data\DVDVideoSoft
2012-12-11 02:29 . 2012-12-11 03:31 -------- d-----w- c:\documents and settings\Natalia\Application Data\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 23:35 . 2008-06-23 04:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 07:27 . 2012-05-12 18:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 07:27 . 2011-05-13 03:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 20:22 . 2012-09-01 00:06 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-01 04:31 . 2011-06-01 04:31 667344 ----a-w- c:\program files\mp3gain-win-1_2_5.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]
"Spotify Web Helper"="c:\documents and settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Natalia\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-22 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 04:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\Natalia\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Natalia\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/31/2012 7:06 PM 26984] R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728] R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [10/20/2010 9:30 PM 400368] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 3:23 PM 711112] R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?] R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?] S2 gupdate1c9951982642bf6;Google Update Service (gupdate1c9951982642bf6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 1:15 PM 133104] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 11:45 PM 30192] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?] . Contents of the 'Scheduled Tasks' folder . 
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 07:27] . 2013-01-05 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 12:47] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Copy to Semagic - c:\program files\Semagic\copy.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Semagic - c:\program files\Semagic\link.htm Trusted Zone: cinemanow.com TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:\documents and settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\ FF - ExtSQL: 2012-12-10 21:50; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff . . 
************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-06 18:00 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(900) c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll c:\windows\System32\BCMLogon.dll c:\windows\system32\igfxdev.dll . 
- - - - - - - > 'explorer.exe'(1184) c:\windows\system32\WININET.dll c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\ieframe.dll c:\program files\Iconoid\tr3dll.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2013-01-06 18:03:03 ComboFix-quarantined-files.txt 2013-01-06 23:03 ComboFix2.txt 2013-01-05 20:14 ComboFix3.txt 2012-12-17 05:35 . Pre-Run: 136,089,735,168 bytes free Post-Run: 136,092,667,904 bytes free . - - End Of File - - D3C30D9E9327CA8452EE4C4E9235DFB2 -
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, Attached is the log from Combofix. My computer definitely seems to be running faster. I can't tell whether it's fully repaired because I haven't tried to run any major programs or do any major work here yet, but so far so good.

COMBOFIX LOG

ComboFix 13-01-05.01 - Natalia 01/05/2013 14:54:14.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3574.2818 [GMT -5:00]
Running from: c:\documents and settings\Natalia\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 17:14 . 2013-01-05 17:15 -------- d-----w- c:\windows\LastGood
2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----w- c:\program files\Common Files\Skype
2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----r- c:\program files\Skype
2012-12-19 01:26 . 2012-12-19 01:26 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\Sun
2012-12-18 23:38 . 2012-12-18 23:35 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-18 23:38 . 2012-12-18 23:35 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-18 23:37 . 2012-12-18 23:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-17 06:31 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-12-15 18:58 . 2012-12-15 18:58 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\ESET
2012-12-13 04:31 . 2013-01-05 17:15 -------- d-----w- c:\program files\ESET
2012-12-11 02:50 . 2012-12-11 02:56 -------- d-----w- c:\program files\DVDVideoSoft
2012-12-11 02:50 . 2012-12-11 02:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-12-11 02:49 . 2012-12-11 03:00 -------- d-----w- c:\documents and settings\Natalia\Application Data\DVDVideoSoft
2012-12-11 02:29 . 2012-12-11 03:31 -------- d-----w- c:\documents and settings\Natalia\Application Data\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 23:35 . 2008-06-23 04:33 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 07:27 . 2012-05-12 18:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 07:27 . 2011-05-13 03:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 20:22 . 2012-09-01 00:06 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2011-06-01 04:31 . 2011-06-01 04:31 667344 ----a-w- c:\program files\mp3gain-win-1_2_5.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]
"Spotify Web Helper"="c:\documents and settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 2183168]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Natalia\Start Menu\Programs\Startup\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-22 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-23 04:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Documents and Settings\\Natalia\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Natalia\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/31/2012 7:06 PM 26984]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]
R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [10/20/2010 9:30 PM 400368]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 3:23 PM 711112]
R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 gupdate1c9951982642bf6;Google Update Service (gupdate1c9951982642bf6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 1:15 PM 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 11:45 PM 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 07:27]
.
2013-01-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 12:47]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job
- c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job
- c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Semagic - c:\program files\Semagic\link.htm
Trusted Zone: cinemanow.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\documents and settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\
FF - ExtSQL: 2012-12-10 21:50; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-05 15:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\WININET.dll
c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\program files\Iconoid\tr3dll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-05 15:14:24
ComboFix-quarantined-files.txt 2013-01-05 20:14
ComboFix2.txt 2012-12-17 05:35
.
Pre-Run: 136,046,710,784 bytes free
Post-Run: 136,096,616,448 bytes free
.
- - End Of File - - 54BF9815B57A6357D2413A4C3056ABA1
-
slow, sluggish computer. infected!
AnastasiaBN replied to AnastasiaBN's topic in Resolved Malware Removal Logs
Hi, Thank you for the quick reply. Here are my logs in the same order as above.

-Security Check-

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET NOD32 Antivirus
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 10
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 8
Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

-AdwCleaner-

# AdwCleaner v2.104 - Logfile created 01/03/2013 at 21:24:10
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Natalia - D56S2NG1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Natalia\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\prefs.js

Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\4aarq8xi.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://cityweb/", "hxxp://www.se[...]
Deleted [l.2288] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://cityweb/", "hxxp://www.searc[...]

*************************

AdwCleaner[R1].txt - [24149 octets] - [10/12/2012 23:24:20]
AdwCleaner[R2].txt - [24210 octets] - [10/12/2012 23:29:05]
AdwCleaner[R3].txt - [24271 octets] - [12/12/2012 20:57:22]
AdwCleaner[S2].txt - [24317 octets] - [12/12/2012 20:59:07]
AdwCleaner[S3].txt - [2199 octets] - [03/01/2013 21:24:10]

########## EOF - C:\AdwCleaner[S3].txt - [2259 octets] ##########

-RogueKiller-

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Natalia [Admin rights]
Mode : Remove -- Date : 01/03/2013 21:48:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] 1b9a91935128e9c3e78101cb6881ab8c
[BSP] 74c3e5f98933aa316c7c225b4c7cf3a6 : Dell MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 192780 | Size: 298402 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 611337510 | Size: 2557 Mo
3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 616574700 | Size: 4180 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01032013_02d2148.txt >>
RKreport[1]_S_01032013_02d2145.txt ; RKreport[2]_D_01032013_02d2148.txt
-
Hi all, I'm infected! This all started a couple weeks ago when I downloaded some audio / mp3 manipulation software and some sort of malware must have come along for the ride ... all because I wanted to slow down the tempo of songs to parse out guitar tab. Sigh. At first, Google Chrome was displaying a search.nu toolbar, but after running one of my anti-virus programs it was removed, yet I am still having problems with extreme sluggishness. Before I found this forum I tried to do some more clean-up myself with malware and other virus software, but this was unsuccessful. Happy to have found this, look forward to some help. Enclosed please find the dds and attach logs. Thanks!

dds.txt
attach.txt