girlintrouble

Everything posted by girlintrouble

  1. Oops, stopped reading at the ComboFix bit. Didn't realize you answered my previous questions. Deleting backups might be a bit difficult; those are directories backed up numerous times on the disk into multiple directories. I'd prefer to find a way to scan and fix it in one hit, if it's possible, without having to provide a list of directories if possible (to avoid having to put you to the trouble of editing some long list
  2. Hi Kevin, I ran the moveit thing. First time it just hung, had to reboot. Tried again, then it worked. I have NOT removed ComboFix yet. -----> Remember I mentioned an external hard drive with backed up files on. Surely that will reinfect my system unless I deal with that. Also, have I just moved the infected files to another area rather than fix them?? Here is the log file from the moveit. Thanks

     All processes killed
     ========== FILES ==========
     < ipconfig /flushdns /c >
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     C:\Documents and Settings\aisha\Desktop\cmd.bat deleted successfully.
     C:\Documents and Settings\aisha\Desktop\cmd.txt deleted successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php moved successfully.
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.
     C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe moved successfully.
     C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe moved successfully.
     J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe moved successfully.
     J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html moved successfully.
     J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe moved successfully.
     J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: aisha
     ->Temp folder emptied: 77831 bytes
     ->Temporary Internet Files folder emptied: 162086 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 4136495 bytes
     ->Flash cache emptied: 2382050 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 4551820 bytes
     User: Guest
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     ->FireFox cache emptied: 5666730 bytes
     ->Flash cache emptied: 348 bytes
     User: Lightscribe
     User: LocalService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 49353 bytes
     ->FireFox cache emptied: 1578567 bytes
     ->Flash cache emptied: 300 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: Owner
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 2577 bytes
     %systemroot%\System32\dllcache .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 4544778 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
     %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 22.00 mb
     OTM by OldTimer - Version 3.1.21.0 log created on 11082013_002523
     Files moved on Reboot...
     Registry entries deleted on Reboot...
  3. Oops, bad stuff found... which I guess AVG did not find! The only issues with my machine are: recently, when I click shutdown on the menu, it takes about 3 min for the shutdown choices dialog box to come up. During this debug process it has worked immediately as normal on a few occasions, but not on a few too. The 2nd issue is sometimes when I leave the box alone for a few hours it starts the screensaver as expected, but after some time it stops responding, i.e. the screen goes blank and does not respond. I have 2 suspicions, either / both may be incorrect: the room is quite hot, tends to happen then, maybe overheating, or a driver issue. I do get the impression the box is alive under the dead window, hard to explain; if I could remember the keystroke way to shut down I suspect it would do a clean shutdown. These are trivial issues. Ideally I need to rebuild this box as well as the box that got trashed using Comodo System Utilities. Would not recommend that product. More to the point, I have an external hard drive which has some of these files backed up on it. I'd like to vaccinate it too ;-) Thanks for your input so far, Kevin.

     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\badgurl.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\FullBackup\investmenttrainingreview.co.uk\index.php JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\badgurlbadindex.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\index.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Junk\itrbadindex.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\forum\Livemotion\ITR\index.php JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\Desktop\FORUM STUFF\ITR Full Backup 150808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan
     C:\Documents and Settings\aisha\My Documents\2012\BestVideoDownloader.exe a variant of Win32/KBM.A application
     C:\Documents and Settings\aisha\My Documents\Downloads\MediaPlayerClassic_RocketFuelInstaller.exe a variant of Win32/Verti.A application
     J:\Documents and Settings\Aisha Saeed\My Documents\Downloads\Aly Michalka - wild horses - [MP3Juices.com].exe Win32/InstalleRex.C application
     J:\Documents and Settings\Aisha Saeed\My Documents\My Documents\Business\Investment Training Review\ITR Full Backup 170808\investmenttrainingreview.co.uk\indexdanger.html JS/TrojanDownloader.Iframe.NKF trojan
     J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034577.exe probably a variant of Win32/YourFileDownloader.A application
     J:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP201\A0034578.exe a variant of Win32/Adware.MediaFinder.D application
  4. This is the log for ComboFix. Will do remaining activity and return. Thanks, Kevin.
  5. It ran through this time. I have reactivated Firewall, AVG and MWB, hope that's ok. If I need to deactivate, pls advise. Here is the log file. Did it find stuff? I think it might have done; I didn't watch the whole thing. Thanks
WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [25/09/2013 20:47 301152]R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [09/10/2013 17:33 2104968]R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [14/07/2013 10:57 1821384]R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [06/11/2013 00:09 418376]R2 OracleServiceXE;OracleServiceXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]R2 OracleXETNSListener;OracleXETNSListener;c:\oracle10gexpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [02/02/2006 00:49 204800]R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/10/2013 15:04 1444120]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/11/2013 00:09 22856]S2 gupdate1c8c8d8c2edac0a;Google Update Service (gupdate1c8c8d8c2edac0a);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2008 17:54 133104]S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/11/2013 00:09 701512]S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys --> c:\windows\system32\Drivers\ATHFMWDL.sys [?]S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [04/02/2007 19:04 17149]S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/05/2006 17:16 30192]S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 12:28 160944].[HKEY_LOCAL_MACHINE\software\microsoft\active 
setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]2008-07-30 09:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe.Contents of the 'Scheduled Tasks' folder.2013-11-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:55].2013-11-06 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-15 17:30].2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37].2013-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 23:37]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000IE: Open in new background tab - c:\program files\Windows Live 
Toolbar\Components\en-gb\msntabres.dll.mui/229?72e21d2efef84384b10840286289d8aaIE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?72e21d2efef84384b10840286289d8aaIE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTCP: DhcpNameServer = 192.168.0.1FF - ProfilePath - c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\FF - prefs.js: browser.search.selectedEngine - AVG Secure SearchFF - prefs.js: browser.startup.homepage - www.google.comFF - ExtSQL: 2013-09-25 00:55; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpiFF - ExtSQL: 2013-09-25 00:58; jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpiFF - ExtSQL: 2013-09-25 01:06; YoutubeDownloader@huangho.net76.net; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\YoutubeDownloader@huangho.net76.net.xpiFF - ExtSQL: 2013-09-25 01:54; jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack; c:\documents and settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpiFF - ExtSQL: !HIDDEN! 
2009-11-16 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service.- - - - ORPHANS REMOVED - - - -.HKLM-Run-MBkLogOnHook - c:\program files\McAfee\MBK\LogOnHook.exeAddRemove-Registrar Registry Manager 5.62 (Lite Edition) - c:\program files\Registrar Registry Manager\unwise.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-11-06 22:47Windows 5.1.2600 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(3672)c:\progra~1\BeInSync\MSVCR71.dllc:\progra~1\BeInSync\DPzlib1.dllc:\progra~1\BeInSync\log4cpp.dllc:\windows\system32\btmmhook.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\btncopy.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exec:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exec:\program files\Java\jre7\bin\jqs.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\windows\system32\nvsvc32.exec:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXEc:\program files\Microsoft\Search Enhancement 
Pack\SeaPort\SeaPort.exec:\windows\system32\SearchIndexer.exec:\windows\system32\wscntfy.exec:\windows\TEMP\CMC_DRAGON\restart_helper.exec:\windows\stsystra.exec:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exec:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exec:\program files\Windows Desktop Search\WindowsSearch.exec:\program files\Common Files\Ahead\Lib\NMIndexingService.exec:\windows\system32\SearchProtocolHost.exec:\windows\system32\SearchFilterHost.exe.**************************************************************************.Completion time: 2013-11-06 22:59:45 - machine was rebootedComboFix-quarantined-files.txt 2013-11-06 22:59.Pre-Run: 8,768,249,856 bytes freePost-Run: 8,585,031,680 bytes free.- - End Of File - - B2C254DBFEC0081E857425B1FA4A6F675CB90281D1A59B251F6603134774EEC3
  6. OK, I decided to go ahead and follow the instructions as best I could. I turned off AVG, Firewall and MWB. I ran the ComboFix. It installed Windows Recovery Console. Completed Stage 1 to 50. Then it deleted 6 TMP files and seemed to get stuck. I waited about 20 min. Rebooted and found no log file. Not sure what to do. Can I turn on my FW and AVG?
  7. Sorry, actually it's Windows firewall on my box (see above)
  8. Do I need to deactivate MWB or Comodo firewall also? I take it I can turn off my internet while I do this?
  9. Hmm, funnily enough, after a further reboot I managed to run my first successful express scan for days. It found 2 items: PUP.Optional.ExpressInstall.A. See log file below. I didn't try to use MWB quarantine etc. Thought it best to wait for further instructions. Also the delayed shutdown problem also seems to be fixed!

      Malwarebytes Anti-Malware (Trial) 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.11.05.07
      Windows XP Service Pack 2 x86 NTFS
      Internet Explorer 6.0.2900.2180
      aisha :: DELLXP [administrator]
      Protection: Enabled
      06/11/2013 02:39:38
      MBAM-log-2013-11-06 (02-58-28).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 244856
      Time elapsed: 17 minute(s), 11 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE () -> No action taken.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 1
      C:\Documents and Settings\aisha\My Documents\Downloads\Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.
      (end)
  10. Hi there. I went through the instructions, all went according to your suggestion EXCEPT - when I came to re-run the scan I had exactly the same results: it froze before 3 min, had to crash the machine. So same results as before, couldn't run a full scan.........
  11. Oops sorry, my bad, don't know why I didn't see it. BTW I do use CCleaner regularly, not used it since yesterday, I noticed your site says not to use when trying to fix so I haven't. Hopefully that hasn't deleted anything useful....! Will do that and come back to you
  12. Hi Kevin. Sorry, I'm a bit confused by your instructions, let me check I understood: a) You tell me to download mbamclean b) Then deinstall MWB in CP c) Reboot d) Then download from the link and reinstall from that etc... Your instructions didn't tell me to run mbamclean, I thought it was for use later on but nothing later on pointed me to it. Or perhaps you did want me to run it? Sorry if I'm being a bit dim, I'd rather check than do it wrong and create confusion. SP3 may not be installed on this box. I have a nearly identical PC (def with SP3) which got screwed running some Comodo sw. I got this older box out of the loft, it probably didn't get updated. The box had been running fine for over a year without it though, this problem only occurred very recently. Thanks
  13. Hey there. It's genuine ;-)
  14. You asked me to copy and paste FRST and ATTACH the addition file
=> C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\user.jsFF DefaultSearchEngine: AVG Secure SearchFF SelectedSearchEngine: AVG Secure SearchFF Homepage: www.google.comFF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll (Google)FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprjplug;version=1.0.3.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program 
Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()FF Plugin: @zylom.com/ZylomGamesPlayer - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\aisha\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\amazonbooksuk.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\dictionary.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\freedictmedical.xmlFF SearchPlugin: C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\searchplugins\searchplugins-backupFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xmlFF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xmlFF Extension: British English Dictionary - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-GB@dictionaries.addons.mozilla.orgFF Extension: United States English Spellchecker - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\en-US@dictionaries.addons.mozilla.orgFF Extension: Google Toolbar for Firefox - C:\Documents and Settings\aisha\Application 
Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: ColorZilla - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}FF Extension: azan-times - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\azan-times@hamid.net.xpiFF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpiFF Extension: izer - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\izer@camelcamelcamel.com.xpiFF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpiFF Extension: jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOw@jetpack.xpiFF Extension: YoutubeDownloader - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\YoutubeDownloader@huangho.net76.net.xpiFF Extension: aios - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpiFF Extension: defaults - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpiFF Extension: preferences - C:\Documents and Settings\aisha\Application Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpiFF Extension: Adblock Plus - C:\Documents and Settings\aisha\Application 
Data\Mozilla\Firefox\Profiles\ng62q18b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Program Files\Real\RealPlayer\browserrecordFF Extension: RealPlayer Browser Record Plugin - C:\Program Files\Real\RealPlayer\browserrecordFF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5FF HKCU\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_extFF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext ========================== Services (Whitelisted) ================= R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)R2 DragonUpdater; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2104968 2013-10-09] ()S3 GoogleDesktopManager-093009-130223; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-10-30] (Google)S2 
gupdate1c8c8d8c2edac0a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2008-08-28] (Google Inc.)R2 IceDragonUpdater; C:\Program Files\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)S4 OracleJobSchedulerXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe [102400 2006-02-02] ()S3 OracleMTSRecoveryService; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [57616 2006-02-02] (Oracle Corporation)R2 OracleServiceXE; c:\oracle10gexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [59064320 2006-02-02] (Oracle Corporation)S3 OracleXEClrAgent; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [45056 2006-02-02] ()R2 OracleXETNSListener; C:\Oracle10GExpress\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [204800 2006-02-02] ()S3 wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [24635 2008-01-18] (Apache Software Foundation)S3 wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [5750784 2008-04-17] ()R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)R1 AVGIDSShim; 
C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534440 2008-04-15] (Broadcom Corporation.)R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [990632 2008-04-15] (Broadcom Corporation.)S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [57384 2008-03-10] (Broadcom Corporation.)S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2008-03-27] (Broadcom Corporation.)R2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions)R1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions)R2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions)R2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions)R2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions)R2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions)R1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions)R2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions)R2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions)S3 DNINDIS5; C:\WINDOWS\system32\DNINDIS5.SYS [17149 
2003-07-24] (Printing Communications Assoc., Inc. (PCAUSA))S3 Dot4Scan; C:\Windows\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)R2 DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)S3 k750mdfl; C:\Windows\System32\DRIVERS\k750mdfl.sys [6576 2005-02-11] (MCCI)S3 k750mdm; C:\Windows\System32\DRIVERS\k750mdm.sys [89872 2005-02-11] (MCCI)S3 k750mgmt; C:\Windows\System32\DRIVERS\k750mgmt.sys [81728 2005-02-11] (MCCI)S3 k750obex; C:\Windows\System32\DRIVERS\k750obex.sys [79488 2005-02-11] (MCCI)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)R2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15890 2007-02-04] (Meetinghouse Data Communications)R1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2003-03-14] (PowerQuest Corporation)R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-28] ()R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [157264 2013-10-17] (Trusteer Ltd.)R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [230448 2013-10-17] (Trusteer Ltd.)R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1047816 2005-11-16] (SigmaTel, Inc.)S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-11] (LG Electronics Inc.)S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-11] (LG Electronics Inc.)S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-11] (LG Electronics Inc.)S3 AR5523; system32\DRIVERS\wg11tnd5.sys [x]S3 ATHFMWDL; System32\Drivers\ATHFMWDL.sys [x]S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]S3 wanatw; system32\DRIVERS\wanatw4.sys [x]U3 mbr; \??\C:\DOCUME~1\aisha\LOCALS~1\Temp\mbr.sys [x] ==================== NetSvcs (Whitelisted) =================== 
==================== One Month Created Files and Folders ======== 2013-11-05 20:32 - 2013-11-05 20:32 - 00000000 ____D C:\FRST2013-11-05 17:40 - 2013-11-05 20:32 - 00000000 ____D C:\Documents and Settings\aisha\Desktop\MWB2013-11-05 17:37 - 2013-11-05 17:37 - 00024373 _____ C:\Documents and Settings\aisha\Desktop\dds.txt2013-11-05 17:37 - 2013-11-05 17:37 - 00020818 _____ C:\Documents and Settings\aisha\Desktop\attach.txt2013-10-30 21:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll2013-10-30 21:00 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll2013-10-30 21:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll2013-10-30 21:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll2013-10-30 21:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll2013-10-30 21:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll2013-10-30 21:00 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll2013-10-30 21:00 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll2013-10-30 21:00 
- 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll2013-10-30 21:00 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll2013-10-30 21:00 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll2013-10-30 21:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll2013-10-30 21:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll2013-10-30 21:00 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll2013-10-30 21:00 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll2013-10-30 21:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll2013-10-30 21:00 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll2013-10-30 21:00 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll2013-10-30 
21:00 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll2013-10-30 21:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll2013-10-30 21:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll2013-10-30 21:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll2013-10-30 21:00 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll2013-10-30 21:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll2013-10-30 21:00 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll2013-10-30 21:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll2013-10-30 21:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll2013-10-30 21:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll2013-10-30 21:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll2013-10-30 20:59 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll2013-10-30 20:59 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll2013-10-30 20:59 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll2013-10-30 20:59 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll2013-10-30 20:59 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll2013-10-30 20:59 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll2013-10-30 20:59 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\D3DX9_37.dll2013-10-30 20:59 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll2013-10-30 20:59 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll2013-10-30 20:59 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll2013-10-30 20:59 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll2013-10-30 20:59 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll2013-10-30 20:59 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll2013-10-30 20:59 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll2013-10-30 20:59 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll2013-10-30 20:59 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll2013-10-30 20:59 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll2013-10-30 20:59 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll2013-10-30 20:59 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll2013-10-30 20:59 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll2013-10-30 20:59 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll2013-10-30 20:59 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll2013-10-30 20:59 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll2013-10-30 20:59 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll2013-10-30 20:59 - 2007-03-15 16:57 - 00443752 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll2013-10-30 20:59 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll2013-10-30 20:59 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll2013-10-30 20:59 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll2013-10-30 20:59 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll2013-10-30 20:59 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll2013-10-30 20:59 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll2013-10-30 20:59 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll2013-10-30 20:59 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll2013-10-30 20:59 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll2013-10-30 20:59 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll2013-10-30 20:59 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll2013-10-30 20:59 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll2013-10-30 20:59 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll2013-10-30 20:59 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll2013-10-30 20:59 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll2013-10-30 20:59 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll2013-10-30 20:59 - 2005-12-05 18:07 - 00061136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput9_1_0.dll2013-10-30 20:59 - 2005-07-22 19:59 - 
02319568 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll2013-10-30 20:59 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll2013-10-30 20:59 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll2013-10-30 20:59 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll2013-10-21 00:39 - 2013-10-21 00:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\COMODO2013-10-20 13:19 - 2013-11-05 20:14 - 00955932 _____ C:\WINDOWS\WindowsUpdate.log2013-10-18 02:16 - 2013-10-18 02:16 - 04369632 _____ (Piriform Ltd) C:\Documents and Settings\aisha\Desktop\ccsetup406.exe2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Program Files\Common Files\Skype2013-10-17 21:46 - 2013-10-17 21:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype2013-10-17 19:20 - 2013-10-17 19:20 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll2013-10-17 15:04 - 2013-10-17 15:04 - 00108816 _____ (Trusteer Ltd.) 
  15. Hi Kevin, I just wanted to say the freeze occurs when I MWB scan. I think what I wrote didn't make that clear. Pls let me know if I should do something other than your suggestion. Thanks
  16. Hi lovely peeps. I say this as the msg said you guys are volunteers, so I'll start by saying thanks for being there. I hope someone can help. I posted the following in your general help section >> Hi there guys. I'm running Win XP, running latest MWB with latest definitions. Recently I find it hangs and then I have to force shutdown my machine to regain control. Cringe - really don't like doing that. I don't have any other problems on my machine, it runs an AVG scan from start to end no problem. Today (now yesterday) I saw it found 2 infections, but I had to shut down mid scan as it really seemed stuck... when I rebooted and looked in quarantine it was empty. Tried re-scanning but again it got stuck. Any suggestions would be gratefully accepted. Thanks. Firefox replied by suggesting I was infected and I should run DDS. I'm attaching the output below. It's an old machine but it's been running OK generally. I'm not getting any other symptoms of infection, other than after I tell it to shut down it takes a while before the shutdown box opens. Hope you guys can help. Thanks attach.txt dds.txt
  17. Hi there guys. I'm running Win XP, running latest MWB with latest definitions. Recently I find it hangs and then I have to force shutdown my machine to regain control. Cringe - really don't like doing that. I don't have any other problems on my machine, runs an AVG scan from start to end no problem. Today I saw it found 2 infections, had to shut down mid scan as it really seemed stuck... when I looked in quarantine it was empty. Tried re-scanning but again it got stuck. Any suggestions would be gratefully accepted. Thanks