Need Malware removed from computer [Solved]


This topic is locked

#16 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Try VRT one more time; if it fails, then come back here and I'll prepare another step for you. I'll be with you all the way until we solve this. Don't worry.


#17 Beshoff (Topic Starter, Member, 31 posts)
This scan has been running 3 days. I managed to get another 2 part reports before my computer shut down completely. I don't know how far the scan got before doing so, but I don't think it finished completely.

Part 2

Status: Deleted (events: 15)
17/01/2013 06:32:47 Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:13 Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:16 Deleted Trojan program Trojan-Dropper.Win32.Miner.i C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:52 Deleted Trojan program Trojan.Win32.Small.cot C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:35:29 Deleted Trojan program Backdoor.Win32.ZAccess.amcs C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 07:00:38 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-59b05bc1 High
17/01/2013 07:00:43 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\64b7d75d-4eada9f7 High
17/01/2013 07:01:25 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-5ea389c4 High
17/01/2013 07:01:27 Deleted Trojan program Trojan-Downloader.Java.Agent.rn C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c/t6a/t6d.class High
17/01/2013 07:01:27 Deleted Trojan program Trojan-Downloader.Java.Agent.rn C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c/t6a/t6a.class High
17/01/2013 07:01:30 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c High
17/01/2013 08:03:52 Deleted Trojan program Trojan-Ransom.MSIL.FakeInstaller.a C:\Users\Naz\Documents\My Music\MP3s\mediaplayer_setup.exe High
17/01/2013 08:04:41 Deleted Trojan program Trojan-Ransom.MSIL.FakeInstaller.a C:\Users\Naz\Documents\My Music\MP3s\mediaplayer_setup_1.exe High
17/01/2013 08:19:17 Deleted Trojan program Trojan-Downloader.WMA.FakeDRM.bj C:\Users\Naz\Documents\My Music\zzzzMaster Copy\Whats it gonna be.mp3 High
17/01/2013 21:25:26 Deleted Trojan program Exploit.JS.Retkid.a C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VX8CWNP\hdrk[1].htm High
Status: Disinfected (events: 20)
17/01/2013 06:59:54 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kb C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\60509819-47f0f93e/js_pa/js_pb.class High
17/01/2013 06:59:54 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kb C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\60509819-47f0f93e High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca/ta/ta.class High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca/ta/er.class High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a/ta/ta.class High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a/ta/er.class High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f/ta/ta.class High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f/ta/er.class High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.hc C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGd.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.hq C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGe.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gs C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGb.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gu C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGc.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gx C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGa.class High
17/01/2013 07:01:31 Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45 High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966/ta/ta.class High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966/ta/er.class High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966 High


Part 3
Status: Deleted (events: 18)
17/01/2013 06:32:47 Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:13 Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:16 Deleted Trojan program Trojan-Dropper.Win32.Miner.i C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:33:52 Deleted Trojan program Trojan.Win32.Small.cot C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 06:35:29 Deleted Trojan program Backdoor.Win32.ZAccess.amcs C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 07:00:38 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-59b05bc1 High
17/01/2013 07:00:43 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\64b7d75d-4eada9f7 High
17/01/2013 07:01:25 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\669c2aad-5ea389c4 High
17/01/2013 07:01:27 Deleted Trojan program Trojan-Downloader.Java.Agent.rn C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c/t6a/t6d.class High
17/01/2013 07:01:27 Deleted Trojan program Trojan-Downloader.Java.Agent.rn C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c/t6a/t6a.class High
17/01/2013 07:01:30 Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\30845171-2086246c High
17/01/2013 08:03:52 Deleted Trojan program Trojan-Ransom.MSIL.FakeInstaller.a C:\Users\Naz\Documents\My Music\MP3s\mediaplayer_setup.exe High
17/01/2013 08:04:41 Deleted Trojan program Trojan-Ransom.MSIL.FakeInstaller.a C:\Users\Naz\Documents\My Music\MP3s\mediaplayer_setup_1.exe High
17/01/2013 08:19:17 Deleted Trojan program Trojan-Downloader.WMA.FakeDRM.bj C:\Users\Naz\Documents\My Music\zzzzMaster Copy\Whats it gonna be.mp3 High
17/01/2013 21:25:26 Deleted Trojan program Exploit.JS.Retkid.a C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VX8CWNP\hdrk[1].htm High
18/01/2013 15:07:01 Deleted Trojan program Exploit.JS.Retkid.a C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QPDEIF43\hscw[1].htm High
19/01/2013 01:06:07 Deleted Trojan program Backdoor.Win32.ZAccess.amcs C:\_OTL\MovedFiles\01072013_220307\C_Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
19/01/2013 11:39:48 Deleted adware not-a-virus:HEUR:AdWare.Win32.iBryte.heur c:\Users\Naz\Downloads\Setup.exe Medium
Status: Disinfected (events: 20)
17/01/2013 06:59:54 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kb C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\60509819-47f0f93e/js_pa/js_pb.class High
17/01/2013 06:59:54 Disinfected Trojan program Exploit.Java.CVE-2012-0507.kb C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\60509819-47f0f93e High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca/ta/ta.class High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca/ta/er.class High
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a/ta/ta.class High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a/ta/er.class High
17/01/2013 07:01:15 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\742eb6ab-7f0acd1a High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f/ta/ta.class High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f/ta/er.class High
17/01/2013 07:01:27 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\1a4e0ef2-3bd2f85f High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.hc C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGd.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.hq C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGe.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gs C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGb.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gu C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGc.class High
17/01/2013 07:01:31 Disinfected Trojan program Exploit.Java.CVE-2012-1723.gx C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45/NkeGa/NkeGa.class High
17/01/2013 07:01:31 Disinfected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\68a3cba-7ce37a45 High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966/ta/ta.class High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966/ta/er.class High
17/01/2013 07:01:36 Disinfected Trojan program Exploit.Java.CVE-2012-0507.gk C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\7195f7e-4c252966 High

Does this help in any way, or do I need to start again from the start, or is there something else we can try?
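The VRT report above is easier to reason about once each detection is grouped by where the file actually lived. Several of the ZeroAccess hits sit under C:\Qoobox\Quarantine (ComboFix's quarantine) and C:\_OTL\MovedFiles (OTL's quarantine), so they are copies already removed from the live system by earlier steps rather than active infections, while the entries in the Java deployment cache are the exploit-kit artefacts that most plausibly delivered the payload in the first place. The script below is an added example, not part of this thread or of any Kaspersky tool: it parses lines in the format of the report posted above, using a handful of those lines embedded as a constructed sample plus one constructed "live" ZeroAccess line that does not appear in the thread, and summarises them by malware family and location. The location categories, the quarantine path markers and the `Windows\Installer\{GUID}\U` check are my assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input: lines copied from the VRT report posted in this thread
# (the "[email protected]" filename is reproduced as it appears on the page).
SAMPLE_LOG = r"""
Status: Deleted (events: 6)
17/01/2013 06:32:47 Deleted Trojan program Backdoor.Win32.ZAccess.mbt C:\Qoobox\Quarantine\C\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
17/01/2013 07:00:38 Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-59b05bc1 High
17/01/2013 08:19:17 Deleted Trojan program Trojan-Downloader.WMA.FakeDRM.bj C:\Users\Naz\Documents\My Music\zzzzMaster Copy\Whats it gonna be.mp3 High
17/01/2013 21:25:26 Deleted Trojan program Exploit.JS.Retkid.a C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VX8CWNP\hdrk[1].htm High
19/01/2013 01:06:07 Deleted Trojan program Backdoor.Win32.ZAccess.amcs C:\_OTL\MovedFiles\01072013_220307\C_Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High
19/01/2013 11:39:48 Deleted adware not-a-virus:HEUR:AdWare.Win32.iBryte.heur c:\Users\Naz\Downloads\Setup.exe Medium
Status: Disinfected (events: 1)
17/01/2013 07:01:11 Disinfected Trojan program Exploit.Java.CVE-2012-0507.hl C:\Users\Naz\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\5a11636b-4161c9ca/ta/ta.class High
"""
# Constructed line (NOT from the thread): the same ZeroAccess file path without the
# quarantine prefix, so the "live" branch of the triage below is exercised.
CONSTRUCTED_LIVE_LINE = r"20/01/2013 12:00:00 Deleted Trojan program Backdoor.Win32.ZAccess.amcs C:\Windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected] High"

# date time action category verdict path severity; the category ("Trojan program",
# "adware") may contain spaces, the verdict never does and always contains a dot,
# and the path may contain spaces, so the verdict token anchors the split.
LINE_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>\S+) "
    r"(?P<category>.+?) "
    r"(?P<verdict>\S+\.\S+) "
    r"(?P<path>.+) "
    r"(?P<severity>High|Medium|Low)$"
)

@dataclass
class Detection:
    when: datetime
    action: str
    category: str
    verdict: str
    path: str
    severity: str

def parse(text):
    """Return one Detection per event line; 'Status:' headers and blanks are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        out.append(Detection(datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S"),
                             m["action"], m["category"], m["verdict"],
                             m["path"], m["severity"]))
    return out

def family(verdict):
    """Kaspersky verdicts are Behaviour.Platform.Name.Variant; return Name."""
    name = re.sub(r"^(?:not-a-virus:)?(?:HEUR:)?", "", verdict)
    parts = name.split(".")
    return parts[-2] if len(parts) >= 2 else name

# Location buckets (assumed categories, chosen for this triage).
QUARANTINED = "already quarantined (ComboFix Qoobox / OTL MovedFiles copy)"
JAVA_CACHE = "Java deployment cache (drive-by exploit artefacts)"
BROWSER_CACHE = "browser cache"
ZA_DIR = "Windows\\Installer\\{GUID}\\U (ZeroAccess directory, not quarantined)"
OTHER = "user files / downloads"
_GUID_U_RE = re.compile(r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\u\\")

def location_class(path):
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or "\\_otl\\movedfiles\\" in p:
        return QUARANTINED          # checked first: quarantine copies of anything
    if "\\sun\\java\\deployment\\cache\\" in p:
        return JAVA_CACHE
    if "\\temporary internet files\\" in p:
        return BROWSER_CACHE
    if _GUID_U_RE.search(p):
        return ZA_DIR
    return OTHER

def triage(detections):
    """Counts by location and family, plus the detections that were not quarantine copies."""
    live = [d for d in detections if location_class(d.path) != QUARANTINED]
    return {
        "total": len(detections),
        "by_location": Counter(location_class(d.path) for d in detections),
        "by_family": Counter(family(d.verdict) for d in detections),
        "live": live,
        "live_zeroaccess": [d for d in live if family(d.verdict) == "ZAccess"],
    }

if __name__ == "__main__":
    result = triage(parse(SAMPLE_LOG + "\n" + CONSTRUCTED_LIVE_LINE))
    print(f"{result['total']} detections")
    for loc, n in result["by_location"].most_common():
        print(f"  {n:3d}  {loc}")
    for fam, n in result["by_family"].most_common():
        print(f"  {n:3d}  {fam}")
    for d in result["live_zeroaccess"]:
        print("ZeroAccess file outside quarantine:", d.path)
```

Run on the real lines only, every ZeroAccess hit lands in the quarantined bucket and `live_zeroaccess` is empty; the constructed line is the case a helper would actually act on, because a `{GUID}\U` directory under Windows\Installer that is still present means the rootkit's files were not removed by the earlier tools.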

#18 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Beshoff,

You did a good job. Can you try to run Combofix now, after the VRT scan? Hopefully we will get a log this time.

#19 Beshoff (Topic Starter, Member, 31 posts)
Ran Combofix again twice, but same as before: it does a load of extracting, runs for about a minute, the last thing it states is the output folder, then it closes. Again I searched for a Combofix.txt file, but nothing related to Combofix except the .exe files can be found.

#20 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's install the free Avast:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.

#21 Beshoff (Topic Starter, Member, 31 posts)
Scan completed after 26 hours and removed 100 high threats, which were js:scriptPE mainly. I have a scan log saved but don't know how to copy it onto here as it's not in text format, but also you have not specifically asked me to do so. So what is next?

#22 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Avast did a good job then. Let's do a new OTL scan so I can see where we stand now.

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

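The first pass a helper makes over an OTL log is mechanical: which PRC/SRV/DRV entries point at files that no longer exist (leftovers from earlier tools or uninstalls), which running processes, services and drivers carry no company name, which files were modified inside OTL's 30-day file-age window, and which run from a temp folder. The script below is an added example, not part of this thread or of OTL; it applies those checks to lines in OTL's own format, using a few lines copied from the log posted in the next reply as a constructed sample. The thresholds, the temp-folder marker and the reading of the header date as dd/MM/yyyy (the locale the log itself reports) are my assumptions. Note what the automated pass cannot know: the C:\32788R22FWJFW\*.3XE files and catchme.sys it flags are ComboFix's own working files (ComboFix extracts its tools to that folder with a .3XE extension and loads catchme.sys for its rootkit check) left behind by the runs described in #19, which is exactly why a helper reads the flagged lines rather than deleting on sight.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: OTL's header plus a few PRC/SRV/DRV lines copied from the
# log posted in the next reply of this thread, embedded so the script runs offline.
SAMPLE_OTL = r"""
OTL logfile created on: 23/01/2013 19:12:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Naz\Downloads
========== Processes (SafeList) ==========
PRC - [2013/01/23 19:09:08 | 000,320,000 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2007/12/08 04:35:02 | 000,471,040 | ---- | M] () -- C:\Program Files\MouseDriver\OfficeMouse.exe
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2013/01/21 19:58:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Naz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
"""

# Header date is in the locale format the log reports (dd/MM/yyyy); assumed here.
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")

# KIND - [mtime | size | attrs | stamp] (company) [state] -- path -- (service name)
# or    KIND - File not found [state] -- path -- (service name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

def triage(text, file_age_days=30, temp_markers=("\\temp\\",)):
    """Map each flagged path to its kind, service name and the reasons it was flagged."""
    scan_time = None
    flagged = {}
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            scan_time = datetime.strptime(h.group(1), "%d/%m/%Y %H:%M:%S")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # section banners, blanks, other OTL sections
        reasons = []
        if m["missing"]:
            reasons.append("file not found: orphaned entry, cleanup candidate")
        elif not m["company"]:
            reasons.append("no company name: verify the file's publisher and hash")
        if m["mtime"] and scan_time:
            mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
            if scan_time - mtime <= timedelta(days=file_age_days):
                reasons.append(f"modified within {file_age_days} days of the scan")
        if any(t in m["path"].lower() for t in temp_markers):
            reasons.append("runs from a temp folder")
        if reasons:
            flagged[m["path"]] = {"kind": m["kind"], "name": m["name"], "reasons": reasons}
    return flagged

if __name__ == "__main__":
    for path, info in triage(SAMPLE_OTL).items():
        label = f"{info['kind']} {info['name'] or ''}".strip()
        print(f"{label:28s} {path}")
        for reason in info["reasons"]:
            print(f"{'':28s}   - {reason}")
```

Every entry with a company name and an old modification time, such as the Avast service and driver, drops out of the output, which is the point: the list that remains is short enough to check by hand against what the user has actually run.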

#23 Beshoff (Topic Starter, Member, 31 posts)
Avast has done a fantastic job; the laptop feels much better already. OTL scan attached below. Thanks very much.


OTL logfile created on: 23/01/2013 19:12:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Naz\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.54% Memory free
4.18 Gb Paging File | 2.83 Gb Available in Paging File | 67.70% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 1.03 Gb Free Space | 0.75% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.14% Space Free | Partition Type: NTFS
Drive E: | 3.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CHOCO | User Name: Naz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 19:12:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Naz\Downloads\OTL(1).exe
PRC - [2013/01/23 19:09:08 | 000,320,000 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012/09/05 15:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2011/06/26 06:45:56 | 000,256,000 | ---- | M] () -- C:\32788R22FWJFW\pev.3XE
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/08 04:35:02 | 000,471,040 | ---- | M] () -- C:\Program Files\MouseDriver\OfficeMouse.exe
PRC - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/11/01 15:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 06:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 06:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 06:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/08/28 05:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/08/03 22:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/07/13 14:14:56 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcuimgr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007/01/15 12:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/23 19:09:08 | 000,320,000 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/26 06:45:56 | 000,256,000 | ---- | M] () -- C:\32788R22FWJFW\pev.3XE
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2008/03/29 15:42:30 | 000,536,576 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\splitter.ax
MOD - [2008/03/29 15:41:52 | 000,079,360 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkzlib.dll
MOD - [2008/03/29 15:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\Haali\mkunicode.dll
MOD - [2008/01/13 18:37:40 | 000,315,392 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\mmmpcdmx.ax
MOD - [2007/12/15 03:54:06 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/12/08 04:35:02 | 000,471,040 | ---- | M] () -- C:\Program Files\MouseDriver\OfficeMouse.exe
MOD - [2007/11/22 01:37:24 | 000,073,728 | ---- | M] () -- C:\Program Files\MouseDriver\dllset.dll
MOD - [2006/11/05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006/11/05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
MOD - [2006/07/07 22:04:40 | 000,049,152 | ---- | M] () -- C:\Program Files\LitexMedia\Fast Audio Converter\FastACShellExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2013/01/21 19:58:05 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 20:33:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/05 15:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/26 18:34:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/25 00:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/11/12 11:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 11:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/24 04:00:40 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007/08/15 12:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/25 03:16:16 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/07/25 01:41:52 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/07/24 12:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\snp2sxp.sys -- (SNP2STD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Naz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/01/07 20:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/22 10:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012/01/11 06:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2009/10/07 08:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/06 09:24:44 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 07:38:36 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/12/15 03:54:26 | 000,111,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/11/12 11:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/09/07 06:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 16:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 16:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 16:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 05:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/07/24 12:02:36 | 000,033,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/24 07:40:36 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/07/21 09:08:24 | 000,201,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/07/21 09:08:24 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/07/21 09:08:24 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/07/13 09:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006/11/02 09:15:23 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2006/11/02 08:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/08/05 00:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUK_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Naz\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/21 22:20:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/21 19:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/21 19:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/03/24 17:36:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2008/03/24 14:17:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Naz\Program Files\DNA [2013/01/23 18:47:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8590193E-106F-4FFF-9510-9D8E4C6A8BCF}: C:\Users\Naz\AppData\Local\{8590193E-106F-4FFF-9510-9D8E4C6A8BCF} [2010/10/10 21:06:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{461B109D-01C7-11E2-8271-B8AC6F996F26}: C:\Users\Naz\AppData\Local\{461B109D-01C7-11E2-8271-B8AC6F996F26}\ [2012/09/18 19:30:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/21 19:58:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/21 19:57:46 | 000,000,000 | ---D | M]

[2010/12/13 12:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naz\AppData\Roaming\Mozilla\Extensions
[2010/12/13 12:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/21 19:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/21 19:58:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 09:43:49 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/11/29 09:43:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 09:43:49 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/11/29 09:43:49 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/11/29 09:43:49 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/11/29 09:43:49 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Users\Naz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodnbkkemkkaekocofmphoadofkdh\7.15.4.0_0\
CHR - Extension: avast! WebRep = C:\Users\Naz\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/01/21 17:44:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\McApBHO.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iWareV3] C:\Program Files\MouseDriver\OfficeMouse.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Naz\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Naz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O4 - Startup: C:\Users\Naz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82414533.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: barclays.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: barclaysstockbrokers.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([en-gb] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.co.uk ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: hmv.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: isvinternet.com ([fastpath] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{188A94CA-A483-4C5F-B246-DEB4B9BB4137}: NameServer = 149.254.230.7 149.254.192.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB3A0FEB-D7F8-4FF8-9BC4-53068FF3D69A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E57CB14D-F012-403B-9D0C-65FE823ADBEC}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 22:23:01 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/01/21 22:23:01 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/01/21 22:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/21 22:22:58 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/01/21 22:22:58 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/01/21 22:22:54 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/01/21 22:22:50 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/01/21 22:20:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/21 22:20:12 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/01/21 22:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/21 22:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/21 19:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/21 16:19:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/21 16:12:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/21 16:12:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/21 16:12:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/21 16:12:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/01/21 16:12:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/01/21 14:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/01/19 16:08:26 | 000,000,000 | ---D | C] -- C:\Users\Naz\Tracing
[2013/01/19 16:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2013/01/19 16:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/01/19 16:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
[2013/01/19 16:07:11 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/01/17 00:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/01/16 23:42:29 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Roaming\Windows Live Writer
[2013/01/16 23:42:29 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Local\Windows Live Writer
[2013/01/11 18:11:57 | 000,000,000 | ---D | C] -- C:\Users\Naz\Desktop\Old Firefox Data-1
[2013/01/11 17:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/01/08 18:12:33 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Roaming\JGoodies
[2013/01/08 18:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\JGoodies
[2013/01/08 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/01/08 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/01/07 22:58:14 | 000,000,000 | -HSD | C] -- C:\found.002
[2013/01/07 22:03:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/07 17:50:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/04 00:04:18 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Local\Macromedia
[2013/01/04 00:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/01/04 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/01/02 01:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/02 01:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/02 01:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/02 01:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/01/01 23:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/30 20:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012/12/30 11:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/30 11:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/29 00:43:05 | 000,000,000 | ---D | C] -- C:\Users\Naz\AppData\Roaming\JAM Software
[2012/12/28 22:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/28 22:18:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/28 22:18:40 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/12/27 18:16:43 | 000,000,000 | ---D | C] -- C:\Users\Naz\Desktop\Old Firefox Data
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/23 19:27:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 19:06:11 | 000,000,861 | ---- | M] () -- C:\Users\Naz\Desktop\ComboFix(1).exe - Shortcut.lnk
[2013/01/23 18:51:45 | 000,038,719 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2013/01/23 18:48:26 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 18:47:07 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 18:47:06 | 000,003,856 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 18:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/23 06:43:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/23 06:33:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/21 22:23:02 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/21 22:22:50 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/01/21 20:09:29 | 000,000,663 | ---- | M] () -- C:\Users\Naz\Desktop\Job hunting - Shortcut.lnk
[2013/01/21 17:44:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/21 14:29:28 | 000,000,872 | ---- | M] () -- C:\Users\Naz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/21 14:29:28 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/19 11:39:48 | 000,000,082 | -HS- | M] () -- C:\Windows\2485645drv.spi
[2013/01/17 00:41:31 | 000,000,840 | ---- | M] () -- C:\Users\Naz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82414533.lnk
[2013/01/17 00:13:33 | 000,001,092 | ---- | M] () -- C:\Users\Naz\Desktop\setup_11.0.0.1245.x01_2013_01_17_01_43.exe - Shortcut.lnk
[2013/01/11 17:01:28 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/11 17:01:28 | 000,001,913 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/08 18:12:04 | 000,001,651 | ---- | M] () -- C:\Users\Naz\Desktop\JDiskReport.lnk
[2013/01/07 20:59:23 | 284,417,234 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/07 20:26:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/07 17:50:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/05 14:25:02 | 000,000,577 | ---- | M] () -- C:\Users\Naz\Desktop\Poker 2013 - Shortcut.lnk
[2013/01/05 14:24:43 | 000,000,577 | ---- | M] () -- C:\Users\Naz\Documents\Poker 2013 - Shortcut.lnk
[2013/01/02 01:39:46 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/30 15:50:34 | 000,631,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/30 15:50:34 | 000,111,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/30 11:07:17 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/30 11:06:13 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012/12/28 23:51:31 | 000,001,944 | ---- | M] () -- C:\Users\Naz\Desktop\HiJackThis.lnk
[2012/12/27 17:20:59 | 000,006,324 | ---- | M] () -- C:\Users\Naz\AppData\Local\d3d9caps.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/23 19:06:11 | 000,000,861 | ---- | C] () -- C:\Users\Naz\Desktop\ComboFix(1).exe - Shortcut.lnk
[2013/01/21 22:23:02 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/21 20:09:29 | 000,000,663 | ---- | C] () -- C:\Users\Naz\Desktop\Job hunting - Shortcut.lnk
[2013/01/21 16:12:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/21 16:12:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/21 16:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/21 16:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/21 16:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/21 14:29:28 | 000,000,872 | ---- | C] () -- C:\Users\Naz\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/21 14:29:28 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/21 14:29:28 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/01/19 11:39:48 | 000,000,082 | -HS- | C] () -- C:\Windows\2485645drv.spi
[2013/01/17 00:41:31 | 000,000,840 | ---- | C] () -- C:\Users\Naz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_82414533.lnk
[2013/01/17 00:13:33 | 000,001,092 | ---- | C] () -- C:\Users\Naz\Desktop\setup_11.0.0.1245.x01_2013_01_17_01_43.exe - Shortcut.lnk
[2013/01/11 17:01:28 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/08 18:12:04 | 000,001,651 | ---- | C] () -- C:\Users\Naz\Desktop\JDiskReport.lnk
[2013/01/07 18:09:26 | 284,417,234 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/05 14:25:02 | 000,000,577 | ---- | C] () -- C:\Users\Naz\Desktop\Poker 2013 - Shortcut.lnk
[2013/01/05 14:24:43 | 000,000,577 | ---- | C] () -- C:\Users\Naz\Documents\Poker 2013 - Shortcut.lnk
[2013/01/04 00:03:18 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/04 00:03:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/02 01:39:46 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/30 11:07:17 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/28 23:51:31 | 000,001,944 | ---- | C] () -- C:\Users\Naz\Desktop\HiJackThis.lnk
[2012/10/15 21:06:40 | 000,347,417 | ---- | C] () -- C:\Users\Naz\AppData\Local\census.cache
[2012/10/15 21:06:10 | 000,278,091 | ---- | C] () -- C:\Users\Naz\AppData\Local\ars.cache
[2012/10/15 20:45:36 | 000,000,036 | ---- | C] () -- C:\Users\Naz\AppData\Local\housecall.guid.cache
[2011/11/15 20:03:16 | 000,002,194 | ---- | C] () -- C:\ProgramData\QuickSet.xml
[2011/08/26 11:50:34 | 000,000,000 | -H-- | C] () -- C:\Users\Naz\AppData\Local\{2AA2560F-14B8-4C68-8B39-9ADF37C26CEA}
[2011/06/23 13:53:29 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011/06/23 13:52:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011/03/29 21:24:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/07 22:50:06 | 000,000,000 | -H-- | C] () -- C:\Users\Naz\AppData\Local\Usawipenoxoke.bin
[2010/10/07 22:50:05 | 000,000,120 | -H-- | C] () -- C:\Users\Naz\AppData\Local\Xgawapu.dat
[2010/08/20 15:39:31 | 000,000,154 | ---- | C] () -- C:\Users\Naz\AppData\Roaming\wklnhst.dat
[2008/02/17 19:50:55 | 000,006,324 | ---- | C] () -- C:\Users\Naz\AppData\Local\d3d9caps.dat
[2008/02/01 19:08:03 | 000,176,128 | -H-- | C] () -- C:\Users\Naz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 12:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 09:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/19 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2009/05/26 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Amazon
[2013/01/22 03:49:54 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\AnVi
[2012/02/03 17:33:39 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Babylon
[2012/02/03 17:30:43 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\BitTorrent
[2012/02/17 10:33:10 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1
[2013/01/23 18:58:00 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\DNA
[2010/11/10 16:40:02 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Egxyu
[2010/11/02 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Esopfo
[2008/09/15 12:28:23 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\HiYo
[2012/12/29 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\JAM Software
[2013/01/08 18:12:33 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\JGoodies
[2008/12/15 02:05:47 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Nokia
[2008/12/16 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Nseries
[2008/12/16 00:25:28 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\PC Suite
[2008/12/06 22:50:27 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\PeerNetworking
[2008/02/08 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\SpeedBit
[2009/12/28 10:21:33 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Spotify
[2011/08/30 18:08:49 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\T-Mobile
[2012/07/12 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\T-Mobile Internet Manager
[2010/08/20 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Template
[2010/12/13 12:19:14 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Thunderbird
[2008/09/08 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\tmp
[2008/05/05 16:36:13 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Ulead Systems
[2013/01/16 23:42:29 | 000,000,000 | ---D | M] -- C:\Users\Naz\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\My Documents:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\My Completed Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\My Chat Logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\Housing Forms:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:CD060F93

< End of report >
  • 0

#24 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please tell me how your system is now. Are there any problems that you can see?

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    PRC - [2013/01/23 19:09:08 | 000,320,000 | ---- | M] () -- C:\32788R22FWJFW\cmd.3XE
    PRC - [2011/06/26 06:45:56 | 000,256,000 | ---- | M] () -- C:\32788R22FWJFW\pev.3XE

    :OTL

    :Files

    :Commands

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Now try to run Combofix one more time.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#25 Beshoff (Topic Starter, Member, 31 posts)
The computer is running better than it has been in a long while - Avast did a very good job. Some processes that had stopped running are now active again, and the laptop also had a tendency to overheat and seemed to be straining - now it is a lot quieter and the fan does not kick into action as much.

Not much of a log below, but I guess this is a good result.

========== PROCESSES ==========
No active process named cmd.3XE was found!
No active process named pev.3XE was found!
========== OTL ==========
========== FILES ==========
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01242013_143701
  • 0

#26 Beshoff (Topic Starter, Member, 31 posts)
ComboFix does not seem to create a text file anywhere... Could you send me another download link? I will delete the previous installation and start again to see if that cures the problem.
  • 0

#27 Beshoff (Topic Starter, Member, 31 posts)
This popped up on my computer about 4 hours after running ComboFix. Is this what you are after?


ComboFix 13-01-23.01 - Naz 24/01/2013 16:00:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2037.905 [GMT 0:00]
Running from: c:\users\Naz\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\go_0molg.pad
c:\users\Naz\AppData\Local\chromeupdate.crx
c:\users\Naz\AppData\Local\Microsoft\Windows\Temporary Internet Files\705XPP3O.jpg
c:\users\Naz\AppData\Local\Microsoft\Windows\Temporary Internet Files\m33jK.jpg
c:\users\Naz\AppData\Local\Microsoft\Windows\Temporary Internet Files\N6Ja11.jpg
c:\users\Naz\AppData\Local\Microsoft\Windows\Temporary Internet Files\XA7l0.jpg
c:\users\Naz\AppData\Roaming\pnmfzy.dat
c:\users\Naz\GoToAssistDownloadHelper.exe
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\@
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\[email protected]
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\201d3dde
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\4cce1f70
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\76603ac3
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\jestertb.dll
c:\windows\TEMP\logishrd\LVPrcInj04.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-24 to 2013-01-24 )))))))))))))))))))))))))))))))
.
.
2013-01-24 17:13 . 2013-01-24 17:14 -------- d-----w- c:\users\Naz\AppData\Local\temp
2013-01-24 17:13 . 2013-01-24 17:13 -------- d-----w- c:\users\Tina\AppData\Local\temp
2013-01-24 17:13 . 2013-01-24 17:13 -------- d-----w- c:\users\Everybody\AppData\Local\temp
2013-01-24 17:13 . 2013-01-24 17:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 04:23 . 2013-01-15 02:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05B9D5BE-F19C-4CE5-9686-1AFA6B2789E9}\mpengine.dll
2013-01-21 22:23 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-21 22:23 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-21 22:22 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-21 22:22 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-01-21 22:22 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-21 22:22 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-21 22:20 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-21 22:20 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-21 22:19 . 2013-01-21 22:19 -------- d-----w- c:\programdata\AVAST Software
2013-01-21 22:19 . 2013-01-21 22:19 -------- d-----w- c:\program files\AVAST Software
2013-01-21 14:29 . 2013-01-23 04:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-19 16:08 . 2013-01-19 16:08 -------- d-----w- c:\users\Naz\Tracing
2013-01-19 16:07 . 2013-01-19 16:07 -------- d-----w- c:\programdata\SweetIM
2013-01-19 16:07 . 2013-01-19 16:07 -------- d-----w- c:\program files\SweetIM
2013-01-19 16:07 . 2013-01-19 16:07 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-01-19 16:07 . 2013-01-19 16:07 -------- d-----w- c:\users\Naz\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
2013-01-17 00:33 . 2013-01-17 00:33 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-16 23:42 . 2013-01-16 23:42 -------- d-----w- c:\users\Naz\AppData\Local\Windows Live Writer
2013-01-16 23:42 . 2013-01-16 23:42 -------- d-----w- c:\users\Naz\AppData\Roaming\Windows Live Writer
2013-01-08 18:12 . 2013-01-08 18:12 -------- d-----w- c:\users\Naz\AppData\Roaming\JGoodies
2013-01-08 18:12 . 2013-01-08 18:12 -------- d-----w- c:\program files\JGoodies
2013-01-08 18:07 . 2013-01-08 18:07 -------- d-----w- c:\program files\7-Zip
2013-01-07 22:58 . 2013-01-07 22:58 -------- d-----w- C:\found.002
2013-01-07 22:03 . 2013-01-07 22:03 -------- d-----w- C:\_OTL
2013-01-07 17:50 . 2013-01-07 20:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-04 00:04 . 2013-01-04 00:04 -------- d-----w- c:\users\Naz\AppData\Local\Macromedia
2013-01-04 00:03 . 2013-01-04 00:03 -------- d-----w- c:\programdata\McAfee Security Scan
2013-01-04 00:03 . 2013-01-11 17:00 -------- d-----w- c:\program files\McAfee Security Scan
2013-01-02 01:37 . 2013-01-02 01:37 -------- d-----w- c:\program files\iPod
2013-01-02 01:37 . 2013-01-02 01:39 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-02 01:37 . 2013-01-02 01:39 -------- d-----w- c:\program files\iTunes
2013-01-01 23:32 . 2012-08-21 13:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-01-01 23:22 . 2013-01-01 23:22 -------- d-----w- c:\program files\Bonjour
2012-12-30 11:07 . 2012-12-30 11:07 -------- d-----w- c:\program files\Common Files\Skype
2012-12-29 00:43 . 2012-12-29 00:43 -------- d-----w- c:\users\Naz\AppData\Roaming\JAM Software
2012-12-28 23:51 . 2012-12-28 23:51 388096 ----a-r- c:\users\Naz\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 20:33 . 2012-08-07 17:25 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 20:33 . 2011-06-10 11:35 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-07 00:49 . 2006-11-02 08:35 279552 ----a-w- c:\windows\system32\services.exe
2012-12-14 16:49 . 2011-11-17 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 19:58 . 2013-01-21 19:57 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BitTorrent DNA"="c:\users\Naz\Program Files\DNA\btdna.exe" [2009-11-12 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-11-01 189736]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"iWareV3"="c:\program files\MouseDriver\OfficeMouse.exe" [2007-12-08 471040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-12-14 824232]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Naz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-5-10 344064]
_uninst_82414533.lnk - c:\users\Naz\AppData\Local\Temp\_uninst_82414533.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-26 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Ovi Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Ovi Suite.lnk
backup=c:\windows\pss\Nokia Ovi Suite.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-06-06 20:33 1564872 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-09 02:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-12 10:21 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 20:33]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:39]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 17:39]
.
2012-06-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-26 12:32]
.
2012-03-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-26 12:32]
.
2010-02-17 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-12-30 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: barclays.co.uk\www
Trusted Zone: barclaysstockbrokers.co.uk\www
Trusted Zone: facebook.com\en-gb
Trusted Zone: facebook.com\www
Trusted Zone: hmv.co.uk
Trusted Zone: hmv.com
Trusted Zone: isvinternet.com\fastpath
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{188A94CA-A483-4C5F-B246-DEB4B9BB4137}: NameServer = 149.254.230.7 149.254.192.126
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll
FF - ProfilePath - c:\users\Everybody\AppData\Roaming\Mozilla\Firefox\Profiles\7uzszbit.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-23555449.sys
SafeBoot-57321169.sys
SafeBoot-Wdf01000.sys
MSConfigStartUp-HW_OPENEYE_OUC_T-Mobile Internet Manager - c:\program files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-24 17:13
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Naz\AppData\Local\Temp\catchme.dll 53248 bytes executable
C:\avast! sandbox
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-865006835-1768486914-3136622015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*?*J*,%\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-865006835-1768486914-3136622015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%p*q*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-865006835-1768486914-3136622015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i%p*q*\OpenWithList]
@Class="Shell"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-01-24 17:19:31
ComboFix-quarantined-files.txt 2013-01-24 17:19
.
Pre-Run: 2,300,358,656 bytes free
Post-Run: 2,153,156,608 bytes free
.
- - End Of File - - 259F1C926E02D39318A72DBCABE87150
  • 0
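The traces maliprog was reading for in the two logs above (the ZeroAccess Check and Alternate Data Streams sections of the OTL log in the earlier post, and the c:\windows\Installer\{GUID}\@, \L\ and \U\ entries ComboFix deleted in this one) can be pulled out of a pasted log mechanically. The script below is an added example written for this page; it is not part of OTL, ComboFix or the thread. Its one rule that the logs do not state outright is an assumption: an InProcServer32 key for one of the four CLSIDs OTL enumerates is reported as a hijack only when it sits under HKEY_CURRENT_USER, since a clean system defines them under HKLM (the HKLM entries pointing at shell32.dll, fastprox.dll and wbemess.dll above are the legitimate ones). Hex-named streams on C:\ProgramData\TEMP are listed for review only, because on their own they are not evidence of infection. The sample log is constructed from lines that appear in this thread.

```python
r"""Flag ZeroAccess (Sirefef) traces in a pasted OTL / ComboFix log.

Added example for this thread; not part of OTL, ComboFix or the original posts.
Three kinds of line are reported:
  high   - c:\windows\Installer\{GUID}\@, \L\... and \U\... (the payload store ComboFix deleted)
  high   - InProcServer32 for a CLSID from OTL's ZeroAccess Check found under HKEY_CURRENT_USER
  review - an alternate data stream with an 8-hex-digit name on C:\ProgramData\TEMP
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List

# The four CLSIDs OTL's "ZeroAccess Check" enumerates (copied from the OTL log in this thread).
# Assumption of this example: a clean system has these only under HKLM, so an
# HKCU\Software\Classes\clsid\{...}\InProcServer32 key for any of them is treated as a COM hijack.
ZA_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}",  # HKLM default points at shell32.dll
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}",  # HKLM default: wbem\fastprox.dll
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}",  # HKLM default: wbem\wbemess.dll
}

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"
# ...\windows\Installer\{GUID}\@  |  ...\{GUID}\L\<file>  |  ...\{GUID}\U\<file>
INSTALLER_RE = re.compile(r"\\windows\\installer\\(" + GUID + r")\\(@|[lu]\\)", re.I)
HKCU_CLSID_RE = re.compile(
    r"\[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\(" + GUID + r")\\InProcServer32\]", re.I
)
# OTL's ADS line: "@Alternate Data Stream - <n> bytes -> <path>:<stream>"; only hex-named streams match
ADS_RE = re.compile(r"@Alternate Data Stream - (\d+) bytes -> (.+):([0-9A-Fa-f]{8})\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    kind: str
    detail: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Scan every line of an OTL or ComboFix log and return the findings in log order."""
    findings: List[Finding] = []
    seen_installer = set()  # one finding per (GUID, subfolder), however many payload files it holds
    for raw in log_text.splitlines():
        line = raw.strip()
        m = INSTALLER_RE.search(line)
        if m:
            guid = m.group(1).lower()
            part = m.group(2).rstrip("\\").upper()  # "@", "L" or "U"
            if (guid, part) not in seen_installer:
                seen_installer.add((guid, part))
                findings.append(Finding("high", "zeroaccess-installer-dir", f"{guid} {part}", line))
            continue
        m = HKCU_CLSID_RE.search(line)
        if m:
            clsid = m.group(1).lower()
            if clsid in ZA_CLSIDS:
                findings.append(Finding("high", "hkcu-com-hijack", clsid, line))
            continue
        m = ADS_RE.search(line)
        if m and m.group(2).lower().endswith(r"\programdata\temp"):
            # Often left behind by ordinary installers; listed so the helper looks, not judged.
            findings.append(Finding("review", "ads-programdata-temp",
                                    f"{m.group(3)} ({m.group(1)} bytes)", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, e.g. to decide whether a ZeroAccess-specific fix is still needed."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines lifted from the OTL and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 12:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\@
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\201d3dde
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\L\4cce1f70
c:\windows\Installer\{1e52d328-0a59-e7e0-c310-445c04e55c20}\U\[email protected]
c:\windows\jestertb.dll
@Alternate Data Stream - 76 bytes -> C:\Users\Naz\Documents\My Documents:Roxio EMC Stream
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844
"""

if __name__ == "__main__":
    # Pipe a saved log in, or run with no input to see the constructed sample triaged.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.severity:6} {f.kind:26} {f.detail}")
    print(summarize(triage(text)))
```

Run as `python za_triage.py < ComboFix.txt` against a saved log. On the sample it reports the two HKCU CLSID keys and the three Installer\{GUID} subfolders as high and the two TEMP streams for review; the HKLM copy of the same CLSID and Roxio's named streams are left alone, which matches what the helper did in this thread.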

#28 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Good work. How is your system now? Any problems?
  • 0

#29 Beshoff (Topic Starter, Member, 31 posts)
Seems fine to me, and I also have about 2GB of space that has returned. Excellent job. Are we done?
  • 0

#30 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Beshoff,

Glad to hear that. Your logs and system are clean now. I'm glad we fixed up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to remove the programs we used from your PC.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of the software installed on your system.
  • 0