Posts posted by AnastasiaBN

  1. Hi,

    I logged onto my password-protected account, and I got stuck on the wallpaper screen again. The only way I can access any files at all is by going to Task Explorer and going to Applications - File - Run. I was able to open my desktop and find the last file that I ran; it is the AdwCleaner file.

    I'm going to try the MBAM thing now.


    # AdwCleaner v3.311 - Report created 02/10/2014 at 05:34:05
    # Updated 30/09/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Natalia - D56S2NG1
    # Running from : C:\Documents and Settings\Natalia\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
    [!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
    [!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\SOFTWARE\SimplyGen

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v32.0.3 (x86 en-US)

    [ File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\4aarq8xi.default\prefs.js ]


    [ File : C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

    Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
    Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [2608 octets] - [01/10/2014 23:46:25]
    AdwCleaner[s0].txt - [2573 octets] - [02/10/2014 05:34:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2633 octets] ##########


  2. Hi there,

    I am having a major problem.

    I do not recall what step I was on, but something has happened where I can no longer access my profile on my computer.

    Allow me to explain. I have two profiles on my laptop computer, one that is password protected and another that is not password protected. When my computer starts up, I am taken to the welcome screen with the two profiles. I have been downloading these applications and going through the steps on my protected profile, which is the one I use the vast majority of the time. But now, every time I enter my password for my protected profile, I am taken to a screen with my desktop wallpaper, but my profile never completely loads. I am simply stuck with a screen of my desktop wallpaper and an arrow that I can roll around the screen, but nothing happens. I have tried to log into my profile about a dozen times, and each time I get stuck. The only way I can leave the screen is by pressing CTRL+ALT+DELETE, logging off, and logging onto the other profile, from which I am writing now.

    I can enter the non-password protected profile with no problem.

    Can you help me? Do I need to go into the computer on safe mode or something? I am very concerned. All of my files are located on the password protected profile I cannot access.

  3. Many thanks for your help!

    Here is the FRST.txt log. There is no Addition.txt log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2014
    Ran by Natalia (administrator) on D56S2NG1 on 30-09-2014 22:51:40
    Running from C:\Documents and Settings\Natalia\Desktop
    Loaded Profile: Natalia (Available profiles: Natalia & John)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () C:\WINDOWS\system32\WLTRYSVC.EXE
    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
    () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
    () C:\Program Files\Unlocker\UnlockerAssistant.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (SillySot Software) C:\Program Files\Iconoid\iconoid.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    (Zhorn Software) C:\Program Files\Stickies\stickies.exe
    (Google) C:\Program Files\Google\Drive\googledrivesync.exe
    (Mozilla Corporation) C:\Mozilla Firefox\firefox.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-09] (Synaptics, Inc.)
    HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2183168 2008-05-15] (Dell Inc.)
    HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
    HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1245184 2008-02-22] (Dell Inc.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)
    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk
    ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
    ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation)
    BootExecute: autocheck autochk /r \??\C:autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all
    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)
    FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-22]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
    FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]
    FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

    Chrome:
    =======
    CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
    CHR Extension: (Show the YouTube Channel bar or the name.) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]
    CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]
    CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]
    CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]
    CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]
    CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]
    CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]
    CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]
    CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]
    CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]
    CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]
    CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]
    CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]
    CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]
    CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
    CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]
    CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx []
    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]
    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
    R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
    S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
    R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)
    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
    R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]
    S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]
    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-30] (Malwarebytes Corporation)
    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)
    S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)
    S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
    S3 motmodem; system32\DRIVERS\motmodem.sys [X]
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U3 TlntSvr; No ImagePath

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-30 22:51 - 2014-09-30 22:52 - 00025610 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt
    2014-09-30 22:49 - 2014-09-30 22:49 - 01100288 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe
    2014-09-11 10:18 - 2014-09-11 10:18 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-30 22:52 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp
    2014-09-30 22:51 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST
    2014-09-30 22:49 - 2014-08-13 03:04 - 00000000 ____D () C:\Mozilla Firefox
    2014-09-30 22:46 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2014-09-30 22:40 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive
    2014-09-30 22:39 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-09-30 22:39 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies
    2014-09-30 22:39 - 2004-08-10 14:02 - 01818696 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-09-30 22:38 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-30 22:36 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-09-30 22:36 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-09-30 22:36 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2014-09-30 22:34 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini
    2014-09-30 22:34 - 2004-08-10 14:08 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-09-30 22:21 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job
    2014-09-30 22:19 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp
    2014-09-30 22:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-09-29 21:55 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia
    2014-09-29 21:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-29 20:43 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-09-29 20:18 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-09-29 20:17 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-09-22 02:41 - 2013-01-11 21:24 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-09-19 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
    2014-09-19 12:30 - 2009-10-06 17:53 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Policy and Projects
    2014-09-19 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job
    2014-09-17 19:41 - 2008-07-28 13:33 - 00221184 _____ () C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-09-15 09:10 - 2010-01-10 17:58 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Speeches
    2014-09-15 09:02 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-09-15 09:01 - 2008-08-09 09:27 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-09-11 10:19 - 2013-01-10 23:24 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-09-11 10:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-08-31 19:59 - 2013-08-14 18:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

  4. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014
    Ran by Natalia at 2014-08-27 13:12:34 Run:1
    Running from C:\Documents and Settings\Natalia\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Start
    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe
    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe
    C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe
    C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe
    End
    *****************

    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe => Moved successfully.
    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe => Moved successfully.
    C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe => Moved successfully.
    C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe => Moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe => Moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe => Moved successfully.

    ==== End of Fixlog ====

  5. I hope this is what you are looking for?

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 8/19/2014
    Scan Time: 2:26:07 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.2.1012
    Malware Database: v2014.08.19.09
    Rootkit Database: v2014.08.16.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
     
    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Natalia
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 320918
    Time Elapsed: 1 hr, 27 min, 24 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)

  6. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01

    Ran by Natalia (administrator) on D56S2NG1 on 17-08-2014 17:32:07

    Running from C:\Documents and Settings\Natalia\Desktop

    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)

    Internet Explorer Version 8

    Boot Mode: Normal

    The only official download link for FRST:

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    () C:\WINDOWS\system32\WLTRYSVC.EXE

    (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

    () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

    () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

    (Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

    (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    (Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

    () C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

    (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

    (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

    (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

    (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

    () C:\Program Files\Unlocker\UnlockerAssistant.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

    (SillySot Software) C:\Program Files\Iconoid\iconoid.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe

    (Google) C:\Program Files\Google\Drive\googledrivesync.exe

    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe

    (Zhorn Software) C:\Program Files\Stickies\stickies.exe

    (Google) C:\Program Files\Google\Drive\googledrivesync.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Spotify Ltd) C:\Documents and Settings\Natalia\Application Data\Spotify\spotify.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    (Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

    (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

    (Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.179.3058.0.exe

    (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

    HKLM\...\Policies\Explorer: [NoCDBurning] 0

    HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)

    HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {599be100-e233-11e0-a665-001fe16fe0eb} - F:\setup.exe -a

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

    ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

    Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk

    ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

    BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    SearchScopes: HKLM - DefaultScope value is missing.

    SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all

    SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys

    BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)

    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

    BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)

    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

    Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

    Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========

    FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187

    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

    FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

    FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

    FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

    FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

    FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)

    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File

    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)

    FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)

    FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-13]

    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]

    FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]

    FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

    Chrome:
    =======

    CHR HomePage: hxxp://www.google.com/

    CHR StartupUrls: "hxxp://www.google.com/"

    CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

    CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]

    CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]

    CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]

    CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]

    CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]

    CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]

    CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]

    CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]

    CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]

    CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]

    CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]

    CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]

    CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]

    CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]

    CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]

    CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]

    CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]

    CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]

    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2014-08-01]

    CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]

    CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]

    CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()

    R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]

    S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]

    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)

    S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)

    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)

    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

    R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

    R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)

    R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)

    R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

    R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]

    S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

     

    ==================== Drivers (Whitelisted) ====================

     

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

     

    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

    R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]

    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)

    R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)

    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

    R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]

    R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)

    R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)

    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation)

    R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

    R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)

    S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)

    R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)

    S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]

    S3 motmodem; system32\DRIVERS\motmodem.sys [X]

    S3 RimUsb; System32\Drivers\RimUsb.sys [X]

    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    U3 TlntSvr; 

     

    ==================== NetSvcs (Whitelisted) ===================

     

     

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

     

     

    ==================== One Month Created Files and Folders ========

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-08-17 17:32 - 2014-08-17 17:34 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt

    2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion

    2014-08-13 02:59 - 2014-08-17 17:32 - 00000000 ____D () C:\FRST

    2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk

    2014-08-13 02:51 - 2014-08-17 17:31 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe

     

    ==================== One Month Modified Files and Folders =======

     

    (If an entry is included in the fixlist, the file\folder will be moved.)

     

    2014-08-17 17:34 - 2014-08-17 17:32 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt

    2014-08-17 17:34 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp

    2014-08-17 17:32 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST

    2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion

    2014-08-17 17:31 - 2014-08-13 02:51 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe

    2014-08-17 17:31 - 2014-04-02 18:26 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\2014

    2014-08-17 17:31 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\Spotify

    2014-08-17 17:31 - 2004-08-10 14:02 - 02090609 _____ () C:\WINDOWS\WindowsUpdate.log

    2014-08-17 17:20 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job

    2014-08-17 17:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

    2014-08-16 15:46 - 2004-08-10 13:59 - 00000211 _____ () C:\WINDOWS\wiadebug.log

    2014-08-16 15:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    2014-08-16 12:52 - 2008-06-23 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

    2014-08-16 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job

    2014-08-16 12:32 - 2004-08-10 14:08 - 00032428 _____ () C:\WINDOWS\SchedLgU.Txt

    2014-08-16 12:25 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp

    2014-08-16 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job

    2014-08-16 12:12 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT

    2014-08-16 12:12 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    2014-08-16 12:12 - 2008-08-09 09:27 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    2014-08-15 01:48 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Application Data\Spotify

    2014-08-15 00:33 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

    2014-08-13 03:07 - 2014-07-04 11:21 - 00000000 ____D () C:\Mozilla Firefox

    2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk

    2014-08-13 02:37 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

    2014-08-13 02:30 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive

    2014-08-13 02:28 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp

    2014-08-13 02:27 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

    2014-08-13 02:27 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log

    2014-08-02 14:39 - 2014-06-17 02:14 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\files

    2014-08-02 14:38 - 2013-12-31 22:07 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\vlc

    2014-08-02 14:36 - 2008-07-28 13:33 - 00216064 _____ () C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    2014-08-01 15:52 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

    2014-08-01 14:28 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies

    2014-08-01 14:03 - 2011-08-30 20:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

    2014-08-01 14:03 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

    2014-08-01 14:02 - 2013-12-28 17:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$

    2014-07-29 22:32 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini

    2014-07-29 22:32 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia

    2014-07-28 18:51 - 2011-08-30 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

    2014-07-24 20:17 - 2014-07-04 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-07-24 20:17 - 2014-07-04 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

    2014-07-20 19:19 - 2013-01-10 23:24 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

    2014-07-20 19:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    2014-07-20 19:15 - 2014-04-13 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive

     

    Some content of TEMP:

    ====================

    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe

    C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe

    C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe

    C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe

    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe

    C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe

     

     

    ==================== Bamital & volsnap Check =================

     

    (There is no automatic fix for files that do not pass verification.)

     

    C:\WINDOWS\explorer.exe => File is digitally signed

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed

    C:\WINDOWS\system32\svchost.exe => File is digitally signed

    C:\WINDOWS\system32\services.exe => File is digitally signed

    C:\WINDOWS\system32\User32.dll => File is digitally signed

    C:\WINDOWS\system32\userinit.exe => File is digitally signed

    C:\WINDOWS\system32\rpcss.dll => File is digitally signed

    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

     

    ==================== End Of Log ============================

  7. Hi all,

    I'm infected! I'm not quite sure what has happened, honestly; I haven't downloaded anything unusual. Yesterday and today I started to notice that Chrome was running slowly ... and then everything else - from iTunes to 'My Computer' to any other program - took a couple of minutes to load. It's sluggish as all heck.

     

    I have an old-school Dell Inspiron 1520 running Windows XP; we've had our ups and downs, but it's always been reliable and good to me.

    Happy to have found this; I look forward to some help. Enclosed please find the FRST.txt and Addition.txt logs. I await further instruction.

    Thanks!
    Anastasia

    FRST.txt

    Addition.txt

  8. Hi there,

    I completed the DMA reset. Turns out one of the channels' transfer modes was stuck in "PIO Mode", so it rebooted back to the proper mode.

    My sound on iTunes, Explorer, and Firefox seems to be working fine now. Netflix on Chrome seems to be clear as well. However I am still experiencing some static on YouTube in Chrome.

    Also, when I click on my Device Manager, I actually have 2 Primary IDE Channel options. Not sure if this is normal (see attachments).

    post-123877-0-91308700-1357790043.gif

    post-123877-0-86584100-1357790047.gif

    post-123877-0-55971300-1357790062.gif

  9. Hi, I have not done these tasks above because I just experienced some new problems.

    I just started listening to some YouTube videos on Google Chrome and the sound is terrible. It sounds very jagged and punctuated with static. I tried SoundCloud, Netflix, and videos in Picasa in Chrome and I have the same issue. I tried these things in Firefox and the sound is also filled with static, although it is not as bad. Internet Explorer, surprisingly, sounds a lot better. I find it bizarre that my browsers would react differently to these sounds, but it is true! Google Chrome is by far the worst - I can hardly listen to anything on Chrome, while on Explorer the music is at least bearable.

    I just tried iTunes and the sound is for the most part fine, with just a little bit of static here and there.

    This just started about a month ago. I believe I had downloaded some music manipulation software that brought me this original malware. Could it be that something rode in with the programs to cause this sound to deteriorate?

    The fact that the sound is unevenly playing through different browsers makes me think it is not just a Dell hardware speaker problem.

    Thanks for any help.

  10. Hi,

    I completed all of the tasks above. Computer is working fine - smooth and quick. Have not restarted but I look forward to a faster start process now that I have eliminated all those unneeded start-up entries.

    In any case, the ESET scan found one threat. Here it is:

    C:\Documents and Settings\Natalia\My Documents\Downloads\7zip_installer_d162802.exe probably a variant of Win32/InstallIQ application

  11. Here are the logs from MBAM and HijackThis. I also completed all the other tasks with no problems. My computer seems to be running faster than ever. Wonderful! Thank you for the tips.

    MBAM

    Malwarebytes Anti-Malware 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.01.06.08

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Natalia :: D56S2NG1 [administrator]

    1/6/2013 7:58:00 PM

    mbam-log-2013-01-06 (19-58-00).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 229941

    Time elapsed: 23 minute(s), 3 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:23:06 PM, on 1/6/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

    C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

    C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

    C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\Dell Support Center\bin\sprtcmd.exe

    C:\WINDOWS\OEM02Mon.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Iconoid\iconoid.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe

    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\notepad.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Natalia\My Documents\Downloads\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080623

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

    O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe

    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe

    O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"

    O4 - HKCU\..\Run: [spotify Web Helper] "C:\Documents and Settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe"

    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

    O4 - Global Startup: Amazon Unbox.lnk = ?

    O4 - Global Startup: Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe

    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm

    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O15 - Trusted Zone: http://*.cinemanow.com

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

    O23 - Service: Google Update Service (gupdate1c9951982642bf6) (gupdate1c9951982642bf6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: RoxioNow Service - Roxio - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --

    End of file - 13425 bytes

  12. Here is the new ComboFix report. My computer seems to be working fine! It's back to moving quickly between programs and there are no unnecessary delays when using a program. Did the reports turn up any specific virus or malware? Is there anything I need to be worried about, such as compromising of personal information?

    Thank you so much for your help! Y'all are great.

    ComboFix 13-01-05.01 - Natalia 01/06/2013 17:45:30.3.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3574.2887 [GMT -5:00]

    Running from: c:\documents and settings\Natalia\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Natalia\Desktop\CFScript.txt

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-05 17:14 . 2013-01-05 17:15 -------- d-----w- c:\windows\LastGood

    2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----w- c:\program files\Common Files\Skype

    2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----r- c:\program files\Skype

    2012-12-19 01:26 . 2012-12-19 01:26 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\Sun

    2012-12-18 23:38 . 2012-12-18 23:35 859072 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-12-18 23:38 . 2012-12-18 23:35 779704 ----a-w- c:\windows\system32\deployJava1.dll

    2012-12-18 23:37 . 2012-12-18 23:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-12-17 06:31 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

    2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-12-15 18:58 . 2012-12-15 18:58 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\ESET

    2012-12-13 04:31 . 2013-01-05 17:15 -------- d-----w- c:\program files\ESET

    2012-12-11 02:50 . 2012-12-11 02:56 -------- d-----w- c:\program files\DVDVideoSoft

    2012-12-11 02:50 . 2012-12-11 02:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

    2012-12-11 02:49 . 2012-12-11 03:00 -------- d-----w- c:\documents and settings\Natalia\Application Data\DVDVideoSoft

    2012-12-11 02:29 . 2012-12-11 03:31 -------- d-----w- c:\documents and settings\Natalia\Application Data\Audacity

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-18 23:35 . 2008-06-23 04:33 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-12 07:27 . 2012-05-12 18:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-12 07:27 . 2011-05-13 03:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-11-08 20:22 . 2012-09-01 00:06 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

    2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-11-01 12:17 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-11-01 12:17 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

    2011-06-01 04:31 . 2011-06-01 04:31 667344 ----a-w- c:\program files\mp3gain-win-1_2_5.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    "Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]

    "Spotify Web Helper"="c:\documents and settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1193176]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]

    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 2183168]

    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]

    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]

    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]

    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\documents and settings\Natalia\Start Menu\Programs\Startup\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]

    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-22 50688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2008-06-23 04:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableNotifications"= 1 (0x1)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\Mozilla Firefox\\firefox.exe"=

    "c:\\Program Files\\SecondLife\\SLVoice.exe"=

    "c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

    "c:\\Documents and Settings\\Natalia\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Documents and Settings\\Natalia\\Application Data\\Spotify\\spotify.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/31/2012 7:06 PM 26984]

    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]

    R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [10/20/2010 9:30 PM 400368]

    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 3:23 PM 711112]

    R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]

    R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]

    S2 gupdate1c9951982642bf6;Google Update Service (gupdate1c9951982642bf6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 1:15 PM 133104]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]

    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 11:45 PM 30192]

    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]

    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 07:27]

    .

    2013-01-05 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 12:47]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job

    - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job

    - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Copy to Semagic - c:\program files\Semagic\copy.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Free YouTube Download - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm

    IE: Free YouTube to MP3 Converter - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    IE: Semagic - c:\program files\Semagic\link.htm

    Trusted Zone: cinemanow.com

    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

    FF - ProfilePath - c:\documents and settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\

    FF - ExtSQL: 2012-12-10 21:50; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-01-06 18:00

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(900)

    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    c:\windows\System32\BCMLogon.dll

    c:\windows\system32\igfxdev.dll

    .

    - - - - - - - > 'explorer.exe'(1184)

    c:\windows\system32\WININET.dll

    c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    c:\windows\system32\ieframe.dll

    c:\program files\Iconoid\tr3dll.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2013-01-06 18:03:03

    ComboFix-quarantined-files.txt 2013-01-06 23:03

    ComboFix2.txt 2013-01-05 20:14

    ComboFix3.txt 2012-12-17 05:35

    .

    Pre-Run: 136,089,735,168 bytes free

    Post-Run: 136,092,667,904 bytes free

    .

    - - End Of File - - D3C30D9E9327CA8452EE4C4E9235DFB2

  13. Hi,

    Attached is the log from ComboFix. My computer definitely seems to be running faster. I can't tell whether it's fully repaired because I haven't tried to run any major programs or do any major work here yet, but so far so good.

    COMBOFIX LOG

    ComboFix 13-01-05.01 - Natalia 01/05/2013 14:54:14.2.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3574.2818 [GMT -5:00]

    Running from: c:\documents and settings\Natalia\Desktop\ComboFix.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-05 17:14 . 2013-01-05 17:15 -------- d-----w- c:\windows\LastGood

    2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----w- c:\program files\Common Files\Skype

    2013-01-04 00:47 . 2013-01-04 00:47 -------- d-----r- c:\program files\Skype

    2012-12-19 01:26 . 2012-12-19 01:26 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\Sun

    2012-12-18 23:38 . 2012-12-18 23:35 859072 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-12-18 23:38 . 2012-12-18 23:35 779704 ----a-w- c:\windows\system32\deployJava1.dll

    2012-12-18 23:37 . 2012-12-18 23:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-12-17 06:31 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll

    2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll

    2012-12-17 06:30 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

    2012-12-15 18:58 . 2012-12-15 18:58 -------- d-----w- c:\documents and settings\Natalia\Local Settings\Application Data\ESET

    2012-12-13 04:31 . 2013-01-05 17:15 -------- d-----w- c:\program files\ESET

    2012-12-11 02:50 . 2012-12-11 02:56 -------- d-----w- c:\program files\DVDVideoSoft

    2012-12-11 02:50 . 2012-12-11 02:50 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

    2012-12-11 02:49 . 2012-12-11 03:00 -------- d-----w- c:\documents and settings\Natalia\Application Data\DVDVideoSoft

    2012-12-11 02:29 . 2012-12-11 03:31 -------- d-----w- c:\documents and settings\Natalia\Application Data\Audacity

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-12-18 23:35 . 2008-06-23 04:33 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-12 07:27 . 2012-05-12 18:17 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-12 07:27 . 2011-05-13 03:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-13 01:25 . 2004-08-10 17:51 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-11-08 20:22 . 2012-09-01 00:06 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

    2012-11-02 02:02 . 2004-08-10 17:50 375296 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-01 12:17 . 2004-08-10 17:51 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-11-01 12:17 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2012-11-01 12:17 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-11-01 00:35 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

    2011-06-01 04:31 . 2011-06-01 04:31 667344 ----a-w- c:\program files\mp3gain-win-1_2_5.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    "Iconoid"="c:\program files\Iconoid\iconoid.exe" [2007-02-03 274432]

    "Spotify Web Helper"="c:\documents and settings\Natalia\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2012-11-26 1193176]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-10 851968]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-10 137752]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-10 162328]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-10 137752]

    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 2183168]

    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2008-03-31 405504]

    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]

    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-06 184320]

    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    c:\documents and settings\Natalia\Start Menu\Programs\Startup\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-1-16 757760]

    Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]

    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-22 50688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

    2008-06-23 04:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    "DisableNotifications"= 1 (0x1)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\WINDOWS\\system32\\sessmgr.exe"=

    "c:\\Mozilla Firefox\\firefox.exe"=

    "c:\\Program Files\\SecondLife\\SLVoice.exe"=

    "c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

    "c:\\Documents and Settings\\Natalia\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=

    "c:\\Documents and Settings\\Natalia\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Documents and Settings\\Natalia\\Application Data\\Spotify\\spotify.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [8/31/2012 7:06 PM 26984]

    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [10/23/2012 5:58 PM 120728]

    R2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [10/20/2010 9:30 PM 400368]

    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 3:23 PM 711112]

    R4 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys --> c:\windows\system32\DRIVERS\ehdrv.sys [?]

    R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]

    S2 gupdate1c9951982642bf6;Google Update Service (gupdate1c9951982642bf6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 1:15 PM 133104]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]

    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]

    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/22/2008 11:45 PM 30192]

    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]

    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]

    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]

    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 07:27]

    .

    2013-01-05 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 12:47]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 18:15]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job

    - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job

    - c:\documents and settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-01 01:35]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com

    uInternet Settings,ProxyOverride = *.local;192.168.*.*

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Copy to Semagic - c:\program files\Semagic\copy.htm

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Free YouTube Download - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm

    IE: Free YouTube to MP3 Converter - c:\documents and settings\Natalia\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

    IE: Semagic - c:\program files\Semagic\link.htm

    Trusted Zone: cinemanow.com

    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

    FF - ProfilePath - c:\documents and settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\

    FF - ExtSQL: 2012-12-10 21:50; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-01-05 15:09

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(900)

    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    c:\windows\System32\BCMLogon.dll

    c:\windows\system32\igfxdev.dll

    .

    - - - - - - - > 'explorer.exe'(180)

    c:\windows\system32\WININET.dll

    c:\documents and settings\Natalia\Application Data\Dropbox\bin\DropboxExt.14.dll

    c:\windows\system32\ieframe.dll

    c:\program files\Iconoid\tr3dll.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2013-01-05 15:14:24

    ComboFix-quarantined-files.txt 2013-01-05 20:14

    ComboFix2.txt 2012-12-17 05:35

    .

    Pre-Run: 136,046,710,784 bytes free

    Post-Run: 136,096,616,448 bytes free

    .

    - - End Of File - - 54BF9815B57A6357D2413A4C3056ABA1

  14. Hi,

    Thank you for the quick reply. Here are my logs in the same order as above.

    -Security Check-

    Results of screen317's Security Check version 0.99.56

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Firewall Disabled!

    ESET NOD32 Antivirus

    ESET Online Scanner v3

    `````````Anti-malware/Other Utilities Check:`````````

    Malwarebytes Anti-Malware version 1.65.1.1000

    Java 7 Update 10

    Java™ 6 Update 5

    Java version out of Date!

    Adobe Flash Player 11.5.502.135

    Adobe Reader 8 Adobe Reader out of Date!

    Mozilla Firefox (17.0.1)

    ````````Process Check: objlist.exe by Laurent````````

    ESET NOD32 Antivirus egui.exe

    ESET NOD32 Antivirus ekrn.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C::

    ````````````````````End of Log``````````````````````

    -AdwCleaner-

    # AdwCleaner v2.104 - Logfile created 01/03/2013 at 21:24:10

    # Updated 29/12/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Natalia - D56S2NG1

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Natalia\Desktop\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}

    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader

    Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1

    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO

    Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\9kldy8fr.default\prefs.js

    Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

    File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\4aarq8xi.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://cityweb/", "hxxp://www.se[...]

    Deleted [l.2288] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://cityweb/", "hxxp://www.searc[...]

    *************************

    AdwCleaner[R1].txt - [24149 octets] - [10/12/2012 23:24:20]

    AdwCleaner[R2].txt - [24210 octets] - [10/12/2012 23:29:05]

    AdwCleaner[R3].txt - [24271 octets] - [12/12/2012 20:57:22]

    AdwCleaner[s2].txt - [24317 octets] - [12/12/2012 20:59:07]

    AdwCleaner[s3].txt - [2199 octets] - [03/01/2013 21:24:10]

    ########## EOF - C:\AdwCleaner[s3].txt - [2259 octets] ##########

    -RogueKiller-

    RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo...13-roguekiller/

    Website : http://tigzy.geeksto...roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Natalia [Admin rights]

    Mode : Remove -- Date : 01/03/2013 21:48:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)

    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++

    --- User ---

    [MBR] 1b9a91935128e9c3e78101cb6881ab8c

    [bSP] 74c3e5f98933aa316c7c225b4c7cf3a6 : Dell MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 192780 | Size: 298402 Mo

    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 611337510 | Size: 2557 Mo

    3 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 616574700 | Size: 4180 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[2]_D_01032013_02d2148.txt >>

    RKreport[1]_S_01032013_02d2145.txt ; RKreport[2]_D_01032013_02d2148.txt

  15. hi all,

    I'm infected! This all started a couple of weeks ago when I downloaded some audio / mp3 manipulation software and some sort of malware must have come along for the ride ... all because I wanted to slow down the tempo of songs to parse out guitar tab. Sigh.

    At first, Google Chrome was displaying a search.nu toolbar, but after running one of my anti-virus programs it was removed, yet I am still having problems with extreme sluggishness. Before I found this forum I tried to do some more clean-up myself with malware and other virus software, but this was unsuccessful.

    Happy to have found this, look forward to some help. Enclosed please find the dds and attach logs.

    thanks!

    dds.txt

    attach.txt
