Hi Kevin, here are the reports, but I noted that FRST seemed to freeze as it produced the reports and needed CTRL/ALT/DEL to end the process (I ran it twice to be sure). The file displayed as being listed was called ~nsu.tmp.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
Ran by Robert (administrator) on LAPTOP on 03-06-2014 00:21:00
Running from C:\Documents and Settings\Robert\Desktop
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(artArmin) C:\Program Files\Vista Drive Icon\DrvIcon.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
(Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
HKLM\...\Run: [NVHotkey] => C:\WINDOWS\system32\nvHotkey.dll [90112 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1036288 2006-09-08] (Dell Inc)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-05-02] (CyberLink Corp.)
HKLM\...\Run: [smcService] => C:\Program Files\Sygate\SPF\Smc.exe [2532576 2004-08-13] (Sygate Technologies, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-09-21] (Logitech, Inc.)
HKLM\...\Run: [DrvIcon] => C:\Program Files\Vista Drive Icon\DrvIcon.exe [45056 2007-07-04] (artArmin)
HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
HKLM\...\Run: [intelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [93208 2007-09-25] (Logitech Inc.)
HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-03-12] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [nmapp] => C:\Program Files\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13594624 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [86016 2009-01-30] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [ModemOnHold] => C:\Program Files\NetWaiting\netWaiting.exe [20480 2003-09-10] ()
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [MtdAcqu] => C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [278528 2006-03-08] (Creative Technology Ltd)
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [CTSyncU.exe] => C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] ()
HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk
ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\explorer.lnk
ShortcutTarget: explorer.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9F41D2~1\zsqmjir.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={099FA2F5-3E20-4B4F-85D3-4ACFCF020153}&mid=6a3d6938c6adeff476f905ad02076ada-8257dde5713734d7a72b596e9dbb5e3624dc7f62&lang=en&ds=AVG&pr=pr&d=2011-11-23 13:24:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {5CDDF215-D517-4439-A309-976BA113E827} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={099FA2F5-3E20-4B4F-85D3-4ACFCF020153}&mid=6a3d6938c6adeff476f905ad02076ada-8257dde5713734d7a72b596e9dbb5e3624dc7f62&lang=en&ds=AVG&pr=pr&d=2011-11-23 13:24:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80132&lng=en
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.btinternet.com/templates/btmailcontrol013.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/btwebcontrol028.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.120.234.66 213.120.234.26

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-13]

Chrome:
=======
CHR StartupUrls: "https://www.google.co.uk/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-01]
CHR Extension: (Google Drive) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-01]
CHR Extension: (YouTube) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-01]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-07-01]
CHR Extension: (CnC TA Script Collection) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-07-06]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-01]

========================== Services (Whitelisted) =================

S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [380928 2006-09-08] (Dell Inc.)
R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2012-08-31] (Cisco Systems, Inc.)
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation )
S4 SmcService; C:\Program Files\Sygate\SPF\smc.exe [2532576 2004-08-13] (Sygate Technologies, Inc.)
R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\9F41D2AFCA7D4B568B2345244A2975FD\zsqmjir.cpp [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2007-12-24] (Cisco Systems, Inc.)
R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
R1 fanio; C:\WINDOWS\system32\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [61312 2007-01-28] (O2Micro)
S3 hcw95bda; C:\WINDOWS\System32\Drivers\hcw95bda.sys [467456 2007-06-04] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\WINDOWS\System32\DRIVERS\hcw95rc.sys [15488 2007-06-04] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-16] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-16] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-16] (HP)
S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [17280 2006-01-19] (Creative Technology Ltd.)
R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28432 2007-09-21] (Logitech, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-16] (Intel® Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
R2 wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
R2 wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
R2 wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [19352 2007-09-13] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [29976 2007-09-13] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [14744 2007-09-13] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [51608 2007-09-13] (Logitech Inc.)
S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
U4 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S0 Teefer; SYSTEM32\Drivers\Teefer.sys [X]
S4 vsdatant; [X]
S1 wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-06-03 00:21 - 2014-06-03 00:21 - 00027975 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-06-03 00:16 - 2014-06-03 00:16 - 01059840 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-06-03 00:11 - 2014-06-03 00:21 - 00000000 ____D () C:\FRST
2014-06-02 22:31 - 2014-06-02 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-06-02 22:13 - 2014-06-02 22:13 - 00000000 ____D () C:\AVGTemp
2014-06-02 19:07 - 2014-06-02 19:07 - 00000000 ____D () C:\WINDOWS\LastGood
2014-06-02 18:00 - 2014-06-02 18:00 - 00000000 ____D () C:\RegBackup
2014-06-02 17:58 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2014-06-02 17:58 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2014-06-02 17:58 - 2004-08-03 22:32 - 00231552 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2014-06-02 17:58 - 2004-08-03 22:32 - 00084480 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2014-06-02 17:58 - 2001-08-17 22:36 - 00462848 _____ (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2014-06-02 17:58 - 2001-08-17 22:36 - 00098304 _____ (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
2014-06-02 17:58 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2014-06-02 17:58 - 2001-08-17 14:55 - 00689216 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2014-06-02 17:58 - 2001-08-17 14:55 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2014-06-02 17:58 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2014-06-02 17:58 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2014-06-02 17:58 - 2001-08-17 13:28 - 00762780 _____ (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2014-06-02 17:58 - 2001-08-17 12:48 - 00148352 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2014-06-02 17:58 - 2001-08-17 12:20 - 00297728 _____ (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2014-06-02 17:58 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2014-06-02 17:58 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2014-06-02 17:54 - 2004-08-10 06:00 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisui.dll
2014-06-02 17:54 - 2004-08-10 06:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetsloc.dll
2014-06-02 17:54 - 2004-08-10 06:00 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.exe
2014-06-02 17:54 - 2004-08-10 06:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamregps.dll
2014-06-02 17:54 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2014-06-02 17:53 - 2004-08-10 06:00 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certmap.ocx
2014-06-02 17:53 - 2004-08-10 06:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisreset.exe
2014-06-02 17:53 - 2004-08-10 06:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2014-06-02 17:53 - 2004-08-10 06:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstap.dll
2014-06-02 17:49 - 2014-06-02 18:14 - 00012295 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3976-F.txt
2014-06-02 17:21 - 2014-06-02 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes
2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-02 17:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-02 17:14 - 2014-06-02 17:43 - 00011689 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3232-F.txt
2014-06-02 16:54 - 2014-06-03 00:13 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\Repair Windows
2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-06-02 16:03 - 2014-06-02 16:03 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Avg2014
2014-06-02 15:58 - 2014-06-02 17:10 - 00035189 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-872-F.txt
2014-06-02 15:54 - 2014-06-02 15:55 - 00000623 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3056-F.txt
2014-06-02 15:22 - 2014-06-02 19:07 - 00025794 _____ () C:\WINDOWS\setupapi.log
2014-06-02 03:45 - 2014-06-02 18:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9F41D2AFCA7D4B568B2345244A2975FD
2014-05-29 21:28 - 2014-05-29 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2014-06-03 00:21 - 2014-06-03 00:21 - 00027975 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-06-03 00:21 - 2014-06-03 00:11 - 00000000 ____D () C:\FRST
2014-06-03 00:21 - 2007-12-03 19:59 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Temp
2014-06-03 00:16 - 2014-06-03 00:16 - 01059840 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-06-03 00:13 - 2014-06-02 16:54 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\Repair Windows
2014-06-03 00:08 - 2010-10-25 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-06-02 23:37 - 2012-12-22 18:42 - 00000886
_____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-02 23:37 - 2012-12-22 18:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-02 23:36 - 2005-08-16 05:40 - 01187460 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-02 22:35 - 2014-06-02 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic 2014-06-02 22:13 - 2014-06-02 22:13 - 00000000 ____D () C:\AVGTemp 2014-06-02 22:07 - 2012-07-14 01:13 - 00031966 _____ () C:\WINDOWS\system32\nvModes.001 2014-06-02 19:07 - 2014-06-02 19:07 - 00000000 ____D () C:\WINDOWS\LastGood 2014-06-02 19:07 - 2014-06-02 15:22 - 00025794 _____ () C:\WINDOWS\setupapi.log 2014-06-02 19:07 - 2007-11-29 11:17 - 00000000 ____D () C:\MDT 2014-06-02 19:07 - 2005-08-16 05:38 - 00000000 ____D () C:\WINDOWS\Registration 2014-06-02 19:06 - 2007-12-24 21:13 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-06-02 19:06 - 2007-12-24 21:13 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-06-02 19:05 - 2014-03-12 21:26 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-06-02 19:05 - 2012-07-14 01:00 - 00194401 _____ () C:\WINDOWS\system32\nvapps.xml 2014-06-02 19:05 - 2005-08-16 05:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-02 19:04 - 2005-08-16 05:49 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-02 19:04 - 2005-08-16 05:22 - 00000000 ____D () C:\WINDOWS\security 2014-06-02 18:24 - 2007-12-03 19:59 - 00000178 ___SH () C:\Documents and Settings\Robert\ntuser.ini 2014-06-02 18:14 - 2014-06-02 17:49 - 00012295 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3976-F.txt 2014-06-02 18:13 - 2014-06-02 03:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9F41D2AFCA7D4B568B2345244A2975FD 2014-06-02 18:00 - 2014-06-02 18:00 - 00000000 ____D () C:\RegBackup 2014-06-02 17:43 - 2014-06-02 17:14 - 00011689 _____ () C:\Documents and Settings\All Users\Application 
Data\RUNDLL32.EXE-3232-F.txt 2014-06-02 17:21 - 2014-06-02 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-06-02 17:10 - 2014-06-02 15:58 - 00035189 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-872-F.txt 2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-06-02 16:03 - 2014-06-02 16:03 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Avg2014 2014-06-02 15:55 - 2014-06-02 15:54 - 00000623 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3056-F.txt 2014-06-02 15:21 - 2011-02-16 18:10 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\MEDIA 2014-06-02 15:21 - 2011-02-16 18:07 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\TOOLS 2014-06-02 15:21 - 2007-12-04 23:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free Edition 2014-06-02 15:08 - 2009-06-25 18:51 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-29 21:28 - 2014-05-29 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-05-29 21:28 - 2013-01-29 13:34 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\Antivirus.lnk 2014-05-29 21:21 - 2005-08-16 05:18 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-05-22 22:40 - 2013-07-01 14:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-05-15 03:03 - 2013-07-11 23:10 
- 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-15 03:00 - 2007-12-05 19:43 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-08 15:00 - 2014-03-12 21:26 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job Some content of TEMP: ==================== C:\Documents and Settings\Robert\Local Settings\Temp\mbam-setup.exe C:\Documents and Settings\Robert\Local Settings\Temp\UNINSTALL.EXE ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014 Ran by Robert at 2014-06-03 00:21:23 Running from C:\Documents and Settings\Robert\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ========================