
Sluggish, slow laptop



hi all,

I'm infected! i'm not quite sure what has happened honestly, i haven't downloaded anything unusual. yesterday and today i started to notice that chrome was running slowly ... and then everything else - from itunes to 'my computer' to any other program - took a couple minutes to load. it's sluggish as all heck.

 

i have an old school dell inspiron 1520 running on Windows XP; we've had our ups and downs, but it's always been reliable and good to me.

happy to have found this, look forward to some help. enclosed please find the FRST.txt and Addition.txt logs. I await further instruction.

thanks!
Anastasia

FRST.txt

Addition.txt


Hello Anastasia! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are done, please generate a new fresh FRST log file.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01

Ran by Natalia (administrator) on D56S2NG1 on 17-08-2014 17:32:07

Running from C:\Documents and Settings\Natalia\Desktop

Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)

Internet Explorer Version 8

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\WINDOWS\system32\WLTRYSVC.EXE

(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE

() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe

(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe

(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe

(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe

(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE

() C:\Program Files\Unlocker\UnlockerAssistant.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(SillySot Software) C:\Program Files\Iconoid\iconoid.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe

(Zhorn Software) C:\Program Files\Stickies\stickies.exe

(Google) C:\Program Files\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\iTunes\iTunes.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Spotify Ltd) C:\Documents and Settings\Natalia\Application Data\Spotify\spotify.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

(Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.179.3058.0.exe

(Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoCDBurning] 0

HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-05-15] (Google Inc.)

HKU\S-1-5-21-809295428-1601180853-2587088129-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)

HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)

HKU\S-1-5-21-809295428-1601180853-2587088129-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {599be100-e233-11e0-a665-001fe16fe0eb} - F:\setup.exe -a

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk

ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

BootExecute: autocheck autochk /r \??\C:autocheck autochk * 

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all

SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)

BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)

Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)

Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll


DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab




DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)

FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-13]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]

FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff

FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]

FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

 

Chrome: 

=======

CHR HomePage: hxxp://www.google.com/

CHR StartupUrls: "hxxp://www.google.com/"

CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]

CHR Extension: (Turn Off the Lights) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]

CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]

CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]

CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]

CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]

CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]

CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]

CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]

CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]

CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]

CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]

CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]

CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]

CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]

CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]

CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]

CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [2014-08-01]

CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]

CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()

R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)

S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)

R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)

R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)

R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]

S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]

R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)

R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)

S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)

R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]

R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)

R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-15] (Malwarebytes Corporation)

R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)

S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)

R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)

S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)

R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)

S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]

S3 motmodem; system32\DRIVERS\motmodem.sys [X]

S3 RimUsb; System32\Drivers\RimUsb.sys [X]

U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

U3 TlntSvr; 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-17 17:32 - 2014-08-17 17:34 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt

2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion

2014-08-13 02:59 - 2014-08-17 17:32 - 00000000 ____D () C:\FRST

2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk

2014-08-13 02:51 - 2014-08-17 17:31 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-17 17:34 - 2014-08-17 17:32 - 00027795 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt

2014-08-17 17:34 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp

2014-08-17 17:32 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST

2014-08-17 17:31 - 2014-08-17 17:31 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\FRST-OlderVersion

2014-08-17 17:31 - 2014-08-13 02:51 - 01093632 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe

2014-08-17 17:31 - 2014-04-02 18:26 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\2014

2014-08-17 17:31 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\Spotify

2014-08-17 17:31 - 2004-08-10 14:02 - 02090609 _____ () C:\WINDOWS\WindowsUpdate.log

2014-08-17 17:20 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job

2014-08-17 17:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-08-16 15:46 - 2004-08-10 13:59 - 00000211 _____ () C:\WINDOWS\wiadebug.log

2014-08-16 15:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-16 12:52 - 2008-06-23 00:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help

2014-08-16 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job

2014-08-16 12:32 - 2004-08-10 14:08 - 00032428 _____ () C:\WINDOWS\SchedLgU.Txt

2014-08-16 12:25 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp

2014-08-16 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job

2014-08-16 12:12 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-08-16 12:12 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-16 12:12 - 2008-08-09 09:27 - 96303304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-08-15 01:48 - 2011-12-20 18:53 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Application Data\Spotify

2014-08-15 00:33 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-08-13 03:07 - 2014-07-04 11:21 - 00000000 ____D () C:\Mozilla Firefox

2014-08-13 02:58 - 2014-08-13 02:58 - 00000668 _____ () C:\Documents and Settings\Natalia\Desktop\Shortcut to Downloads.lnk

2014-08-13 02:37 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

2014-08-13 02:30 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive

2014-08-13 02:28 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp

2014-08-13 02:27 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-08-13 02:27 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log

2014-08-02 14:39 - 2014-06-17 02:14 - 00000000 ____D () C:\Documents and Settings\Natalia\Desktop\files

2014-08-02 14:38 - 2013-12-31 22:07 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\vlc

2014-08-02 14:36 - 2008-07-28 13:33 - 00216064 _____ () C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-01 15:52 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-08-01 14:28 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies

2014-08-01 14:03 - 2011-08-30 20:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-01 14:03 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl

2014-08-01 14:02 - 2013-12-28 17:21 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$

2014-07-29 22:32 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini

2014-07-29 22:32 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia

2014-07-28 18:51 - 2011-08-30 20:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

2014-07-24 20:17 - 2014-07-04 12:12 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-24 20:17 - 2014-07-04 12:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-07-20 19:19 - 2013-01-10 23:24 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe

2014-07-20 19:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2014-07-20 19:15 - 2014-04-13 23:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive

 

Some content of TEMP:

====================

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================


  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I hope this is what you are looking for?

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/19/2014
Scan Time: 2:26:07 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.19.09
Rootkit Database: v2014.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Natalia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320918
Time Elapsed: 1 hr, 27 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:26-08-2014

Ran by Natalia at 2014-08-27 13:12:34 Run:1

Running from C:\Documents and Settings\Natalia\Desktop

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

Start

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe

C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe

End

 

*****************

 

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_5.exe => Moved successfully.

C:\Documents and Settings\Natalia\Local Settings\Temp\1_Offer_7.exe => Moved successfully.

C:\Documents and Settings\Natalia\Local Settings\Temp\6_Offer_15.exe => Moved successfully.

C:\Documents and Settings\Natalia\Local Settings\Temp\gkc.exe => Moved successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-a96e236d.exe => Moved successfully.

C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c6c93e88.exe => Moved successfully.

 

==== End of Fixlog ====


  • 3 weeks later...
  • 2 weeks later...
  • Root Admin

Sorry for the lapse here... Let me have you run the following and let's see what we can do to help you out.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


Many thanks for your help!

Here is the FRST.txt log. There is no Addition.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-09-2014
Ran by Natalia (administrator) on D56S2NG1 on 30-09-2014 22:51:40
Running from C:\Documents and Settings\Natalia\Desktop
Loaded Profile: Natalia (Available profiles: Natalia & John)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Roxio) C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SillySot Software) C:\Program Files\Iconoid\iconoid.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Zhorn Software) C:\Program Files\Stickies\stickies.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-07-09] (Synaptics, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2183168 2008-05-15] (Dell Inc.)
HKLM\...\Run: [unlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [15872 2008-05-02] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\Quickset.exe [1245184 2008-02-22] (Dell Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [iconoid] => C:\Program Files\Iconoid\iconoid.exe [274432 2007-02-03] (SillySot Software)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [Google Update] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-06-07] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [MusicManager] => C:\Documents and Settings\Natalia\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-809295428-1601180853-2587088129-1006\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Documents and Settings\Natalia\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files\Stickies\stickies.exe (Zhorn Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Natalia\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {2A696BCE-44CF-45a4-B905-59CDFA08531A} URL = http://del.icio.us/search/?fr=del_icio_us&p={searchTerms}&type=all
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-linksys
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CDelHotkeys Object -> {78875F5C-A685-4405-8DC5-D48DC65452B0} -> C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\LastPass_2025502219\LPToolbar.dll (LastPass)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\LastPass_2025502219\LPToolbar.dll (LastPass)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Natalia\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Natalia\Application Data\mozilla\plugins\npo1d.dll (Google)
FF Extension: LastPass - C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\Extensions\support@lastpass.com [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-17]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2012-12-10]
FF StartMenuInternet: FIREFOX.EXE - C:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-03]
CHR Extension: (Show the YouTube Channel bar or the name.) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-08-01]
CHR Extension: (Search by Image (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2014-08-01]
CHR Extension: (Email this page (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai [2014-08-01]
CHR Extension: (Rather) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm [2014-08-01]
CHR Extension: (Facebook Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2014-08-01]
CHR Extension: (Google Play Music) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-08-01]
CHR Extension: (PicMonkey) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-08-01]
CHR Extension: (AdBlock) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-01]
CHR Extension: (AmazonSmile 1Button for Chrome) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2014-07-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-08-01]
CHR Extension: (Disconnect Search) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2014-08-01]
CHR Extension: (Larry Filter for Twitter) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifgdeokhnfkbgdocafpokgdnnfbnbbok [2014-08-01]
CHR Extension: (Disconnect) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-08-01]
CHR Extension: (StayFocusd) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-08-01]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-08-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Personal Blocklist (by Google)) - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2014-08-01]
CHR CustomProfile: C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx []
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\Natalia\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-13]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-12-10]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2010-09-13] (Amazon.com) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2008-06-23] (Macrovision Europe Ltd.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-10] (Google)
S2 gupdate1c9951982642bf6; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-22] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170408 2012-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RoxioNow Service; C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe [400368 2010-10-20] (Roxio)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)
R2 vToolbarUpdater13.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1921024 2008-05-15] (Dell Inc.) [File not signed]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1123328 2008-05-15] (Broadcom Corp.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 DXEC02; C:\WINDOWS\System32\drivers\dxec02.sys [103168 2006-11-02] (Knowles Acoustics) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-30] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 OEM02Afx; C:\WINDOWS\system32\Drivers\OEM02Afx.sys [141376 2007-08-28] (Creative Technology Ltd.)
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2008-03-30] (SigmaTel, Inc.)
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 22:51 - 2014-09-30 22:52 - 00025610 _____ () C:\Documents and Settings\Natalia\Desktop\FRST.txt
2014-09-30 22:49 - 2014-09-30 22:49 - 01100288 _____ (Farbar) C:\Documents and Settings\Natalia\Desktop\FRST.exe
2014-09-11 10:18 - 2014-09-11 10:18 - 17903792 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 22:52 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia\Local Settings\Temp
2014-09-30 22:51 - 2014-08-13 02:59 - 00000000 ____D () C:\FRST
2014-09-30 22:49 - 2014-08-13 03:04 - 00000000 ____D () C:\Mozilla Firefox
2014-09-30 22:46 - 2014-04-07 11:33 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-09-30 22:40 - 2014-04-13 23:41 - 00000000 ___RD () C:\Documents and Settings\Natalia\My Documents\Google Drive
2014-09-30 22:39 - 2014-07-04 12:13 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-30 22:39 - 2008-08-29 01:13 - 00000000 ____D () C:\Documents and Settings\Natalia\Application Data\stickies
2014-09-30 22:39 - 2004-08-10 14:02 - 01818696 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-30 22:38 - 2009-06-29 23:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-30 22:36 - 2004-08-10 14:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-30 22:36 - 2004-08-10 13:59 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-30 22:36 - 2004-08-10 13:59 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-30 22:34 - 2008-07-27 17:56 - 00000178 ___SH () C:\Documents and Settings\Natalia\ntuser.ini
2014-09-30 22:34 - 2004-08-10 14:08 - 00032492 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-30 22:21 - 2010-02-24 21:25 - 00000986 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006UA.job
2014-09-30 22:19 - 2008-07-27 22:06 - 00000000 ____D () C:\Temp
2014-09-30 22:18 - 2013-01-10 23:24 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-29 21:55 - 2008-07-27 17:56 - 00000000 ____D () C:\Documents and Settings\Natalia
2014-09-29 21:12 - 2009-06-29 23:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-29 20:43 - 2013-01-06 19:03 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-09-29 20:18 - 2004-08-10 13:51 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-29 20:17 - 2012-05-10 16:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-22 02:41 - 2013-01-11 21:24 - 00231568 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-19 12:49 - 2009-02-22 14:11 - 00000868 _____ () C:\WINDOWS\Tasks\Google Software Updater.job
2014-09-19 12:30 - 2009-10-06 17:53 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Policy and Projects
2014-09-19 12:19 - 2010-02-24 21:25 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809295428-1601180853-2587088129-1006Core.job
2014-09-17 19:41 - 2008-07-28 13:33 - 00221184 _____ () C:\Documents and Settings\Natalia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-15 09:10 - 2010-01-10 17:58 - 00000000 ____D () C:\Documents and Settings\Natalia\My Documents\City Council Speeches
2014-09-15 09:02 - 2013-07-20 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-15 09:01 - 2008-08-09 09:27 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-11 10:19 - 2013-01-10 23:24 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-11 10:19 - 2013-01-10 23:24 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-08-31 19:59 - 2013-08-14 18:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • Root Admin

A little bit of junk and perhaps too many programs starting at startup that don't really need to. Let's do a little cleaning and go from there.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

  • 3 weeks later...

Hi there,

I am having a major problem.

I do not recall what step I was on, but something has happened where I can no longer access my profile on my computer.

Allow me to explain. I have two profiles on my laptop computer, one that is password protected and another that is not password protected. When my computer starts up, I am taken to the welcome screen with the two profiles. I have been downloading these applications and going through the steps on my protected profile, which is the one I use the vast majority of the time. But now, every time I enter my password for my protected profile, I am taken to a screen with my desktop wallpaper, but my profile never completely loads. I am simply stuck with a screen of my desktop wallpaper and an arrow that I can roll around the screen, but nothing happens. I have tried to log into my profile about a dozen times, and each time I get stuck. The only way I can leave the screen is by pressing CTRL+ALT+DELETE, logging off, and logging onto the other profile, from which I am writing now.

I can enter the non-password protected profile with no problem.

Can you help me? Do I need to go into the computer on safe mode or something? I am very concerned. All of my files are located on the password protected profile I cannot access.


  • Root Admin

Please log onto the other profile or safe mode and see if you can find the log from the last step you did before this happened and post back.

Is the other account a limited user account?

If you log on to your normal account can you press CTRL-SHIFT-ESC keys for task manager and then click on the menu and try to run EXPLORER.EXE - does it load then?

Are you using the paid version of MBAM with the Protection Modules enabled? If so try to disable load with Windows for it.

Hi,

I logged onto my password-protected account, and I got stuck on the wallpaper screen again - the only way I can access any files at all whatever is by going to Task Explorer and go to Applications - File - Run. I was able to open my desktop and find the last file that I ran, it is the AdwCleaner file.

I'm going to try the MBAM thing now.


# AdwCleaner v3.311 - Report created 02/10/2014 at 05:34:05
# Updated 30/09/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Natalia - D56S2NG1
# Running from : C:\Documents and Settings\Natalia\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
[!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
[!] Folder Deleted : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\SimplyGen

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\4aarq8xi.default\prefs.js ]


[ File : C:\Documents and Settings\Natalia\Application Data\Mozilla\Firefox\Profiles\jbvd64q4.default-1358785706187\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Natalia\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=410&sr=0&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2608 octets] - [01/10/2014 23:46:25]
AdwCleaner[s0].txt - [2573 octets] - [02/10/2014 05:34:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2633 octets] ##########

  • Root Admin

Please do the following.

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
