Prowler690

Everything posted by Prowler690

  1. I have run DelFix and will keep the registry backup. I am also keeping Malwarebytes Anti-Malware on the system but will update it before using it again, but my first port of call if I have another issue will be here. Thank you for all the help, Kevin; we can close out and I will look into a donation.
  2. The top link has an expired security cert and the other has no English version, by the looks of it.
  3. Wi-Fi is also now working. Damn, that was a nasty piece of work, that malware, and I thought I was careful, this being my first brush with anything that actually caused issues, but lesson learned, I assure you. I will await your advice on cleaning up the excellent tools we have been using, and express my deepest thanks to you, Kevin; you have made a Geordie very happy.
  4. Reinstalling AVG seems to have resolved its problems; it updated to the latest database version fine and all protection is active. I think we have a heartbeat. Shall I uninstall all the programs we have used now? Then I guess I will confirm whether my Wi-Fi card has indeed gone pop and find out if it's cheaper to get a new laptop anyway after all this.
  5. AVG is in the taskbar but still with its "firewall reboot needed" alert active. I tried to get it to update and it reports a failure due to a corrupted installation. I think I should uninstall and reinstall (I have my product key); do you concur?
  6. Changed settings, updated and rerun scan:

     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2014.06.03.07
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Robert :: LAPTOP [administrator]
     04/06/2014 00:05:58
     mbam-log-2014-06-04 (00-05-58).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 309867
     Time elapsed: 14 minute(s), 2 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)
  7. Here is the latest Fixlog and TDSSKiller text document. AVG is asking for a restart for the firewall; I did do this once but AVG still asks for a reboot. I'll keep postponing it till we have the all clear, then remove and reinstall AVG if necessary. Fixlog.txt TDSSKiller.txt
  8. RogueKiller still will not run without crashing the system; it gets to its splash screen and 2 seconds later the system crashes. I have run the FRST scan again and here are the logs. FRST.txt Addition.txt
  9. AVG returned to the task tray and asked for a restart related to firewall protection. I postponed it for now, but on running RogueKiller the laptop bluescreened with the "Windows stopped to prevent damage, performing physical dump of memory" message. Here is the Fixlog and I will try running RogueKiller again. Fixlog.txt
  10. Couldn't edit, sorry for double posting. The Addition text file was created on the desktop; the last 4 lines of the report above are all it contained.
  11. Hi Kevin, here are the reports, but I noted that FRST seemed to freeze as it produced the reports and needed CTRL/ALT/DEL to end the process (I ran it twice to be sure); the file displayed as being listed was called ~nsu.tmp.

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-06-2014
     Ran by Robert (administrator) on LAPTOP on 03-06-2014 00:21:00
     Running from C:\Documents and Settings\Robert\Desktop
     Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
     Internet Explorer Version 8
     Boot Mode: Normal

     The only official download link for FRST:
     Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
     Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
     Download link from any site other than Bleeping Computer is unpermitted or outdated.
     See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

     ==================== Processes (Whitelisted) =================

     (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
     (Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
     (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
     (Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
     (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     (Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
     (artArmin) C:\Program Files\Vista Drive Icon\DrvIcon.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
     (SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
     (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
     (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
     (Microsoft Corporation) C:\WINDOWS\vVX3000.exe
     (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
     (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
     (Cisco Systems, Inc.) C:\Program Files\Pure Networks\Network Magic\nmapp.exe
     (Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgfws.exe
     (Creative Technology Ltd) C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
     (BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
     (Panasonic Corporation) C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
     (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
     (Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
     (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
     (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
     (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
     (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
     (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
     (Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
     () C:\Program Files\CDBurnerXP\NMSAccessU.exe
     (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
     (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
     (Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
     (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
     (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
     (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
     (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
     (Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
     (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

     ==================== Registry (Whitelisted) ==================

     HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [67584 2005-09-29] (Microsoft Corporation)
     HKLM\...\Run: [NVHotkey] => C:\WINDOWS\system32\nvHotkey.dll [90112 2009-01-30] (NVIDIA Corporation)
     HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1036288 2006-09-08] (Dell Inc)
     HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
     HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
     HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
     HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-05-02] (CyberLink Corp.)
     HKLM\...\Run: [smcService] => C:\Program Files\Sygate\SPF\Smc.exe [2532576 2004-08-13] (Sygate Technologies, Inc.)
     HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [55824 2007-09-21] (Logitech, Inc.)
     HKLM\...\Run: [DrvIcon] => C:\Program Files\Vista Drive Icon\DrvIcon.exe [45056 2007-07-04] (artArmin)
     HKLM\...\Run: [intelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [995328 2007-10-08] (Intel Corporation)
     HKLM\...\Run: [intelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2007-10-08] (Intel Corporation)
     HKLM\...\Run: [sigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
     HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [93208 2007-09-25] (Logitech Inc.)
     HKLM\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
     HKLM\...\Run: [bluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-03-12] (Microsoft Corporation)
     HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-03-12] (Microsoft Corporation)
     HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
     HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2007-11-15] ( )
     HKLM\...\Run: [nmctxth] => C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
     HKLM\...\Run: [nmapp] => C:\Program Files\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)
     HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
     HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
     HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
     HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [13594624 2009-01-30] (NVIDIA Corporation)
     HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
     HKLM\...\Run: [NvMediaCenter] => C:\WINDOWS\system32\NvMCTray.dll [86016 2009-01-30] (NVIDIA Corporation)
     HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\a-squared Anti-Malware <====== ATTENTION
     HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
     Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [ModemOnHold] => C:\Program Files\NetWaiting\netWaiting.exe [20480 2003-09-10] ()
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [DellSupportCenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [MtdAcqu] => C:\Program Files\Creative\MediaSource5\MtdAcqu.exe [278528 2006-03-08] (Creative Technology Ltd)
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\Run: [CTSyncU.exe] => C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [868352 2007-07-17] ()
     HKU\S-1-5-21-4019432250-2554700710-3371862737-1005\...\MountPoints2: {361ac05d-0e0d-11da-9aa9-806d6172696f} - E:\setup.exe
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
     ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
     ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HD Writer.lnk
     ShortcutTarget: HD Writer.lnk -> C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
     Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
     ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
     Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\explorer.lnk
     ShortcutTarget: explorer.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\9F41D2~1\zsqmjir.cpp (No File)

     ==================== Internet (Whitelisted) ====================

     HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
     HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/en/side.html?channel=uk
     SearchScopes: HKLM - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
     SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={099FA2F5-3E20-4B4F-85D3-4ACFCF020153}&mid=6a3d6938c6adeff476f905ad02076ada-8257dde5713734d7a72b596e9dbb5e3624dc7f62&lang=en&ds=AVG&pr=pr&d=2011-11-23 13:24:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
     SearchScopes: HKCU - {5CDDF215-D517-4439-A309-976BA113E827} URL = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
     SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={099FA2F5-3E20-4B4F-85D3-4ACFCF020153}&mid=6a3d6938c6adeff476f905ad02076ada-8257dde5713734d7a72b596e9dbb5e3624dc7f62&lang=en&ds=AVG&pr=pr&d=2011-11-23 13:24:01&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
     SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80132&lng=en
     BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
     BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
     BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
     BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
     BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
     BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
     BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
     Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
     Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
     Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
     Toolbar: HKCU - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
     Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
     Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
     DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB
     DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
     DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
     DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
     DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
     DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
     DPF: {71057C18-0507-4747-86BC-E11CE7512C5F} https://register.btinternet.com/templates/btmailcontrol013.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
     DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} https://register.btinternet.com/templates/btwebcontrol028.cab
     DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab
     Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
     Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
     Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
     Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
     Tcpip\Parameters: [DhcpNameServer] 213.120.234.66 213.120.234.26

     FireFox:
     ========
     FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
     FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll No File
     FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
     FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
     FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
     FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
     FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
     FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
     FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-02-13]

     Chrome:
     =======
     CHR StartupUrls: "https://www.google.co.uk/"
     CHR DefaultSearchKeyword: google.co.uk
     CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
     CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
     CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
     CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
     CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
     CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
     CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
     CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
     CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
     CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
     CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
     CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
     CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
     CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
     CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
     CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
     CHR Extension: (Google Docs) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-01]
     CHR Extension: (Google Drive) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-01]
     CHR Extension: (YouTube) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-01]
     CHR Extension: (Google Search) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-01]
     CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2013-07-01]
     CHR Extension: (CnC TA Script Collection) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmhpmdclklpgfcpoiomjofgfagenmgeo [2013-07-06]
     CHR Extension: (Google Wallet) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
     CHR Extension: (Gmail) - C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-01]

     ========================== Services (Whitelisted) =================

     S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
     R2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)
     R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
     R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
     S3 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
     R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
     S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
     R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-05-04] (Sun Microsystems, Inc.)
     R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
     R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [380928 2006-09-08] (Dell Inc.)
     R2 NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
     R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2012-08-31] (Cisco Systems, Inc.)
     R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1183744 2007-10-08] (Intel Corporation )
     S4 SmcService; C:\Program Files\Sygate\SPF\smc.exe [2532576 2004-08-13] (Sygate Technologies, Inc.)
     R2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
     S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
     S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\9F41D2AFCA7D4B568B2345244A2975FD\zsqmjir.cpp [X]

     ==================== Drivers (Whitelisted) ====================

     S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
     R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2007-12-24] (Cisco Systems, Inc.)
     R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
     R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
     R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
     R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
     R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
     R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
     R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
     R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
     R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
     S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
     R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
     S3 ENTECH; C:\WINDOWS\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
     R1 fanio; C:\WINDOWS\system32\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer)
     R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [61312 2007-01-28] (O2Micro)
     S3 hcw95bda; C:\WINDOWS\System32\Drivers\hcw95bda.sys [467456 2007-06-04] (Hauppauge Computer Works, Inc.)
     S3 hcw95rc; C:\WINDOWS\System32\DRIVERS\hcw95rc.sys [15488 2007-06-04] (Hauppauge Computer Works, Inc.)
     S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-12-16] (HP)
     S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-12-16] (HP)
     S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-12-16] (HP)
     S3 Jukebox3; C:\WINDOWS\System32\DRIVERS\ctpdusb.sys [17280 2006-01-19] (Creative Technology Ltd.)
     R3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28432 2007-09-21] (Logitech, Inc.)
     S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
     S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
     S3 NETw3x32; C:\WINDOWS\System32\DRIVERS\NETw3x32.sys [1711104 2006-10-16] (Intel® Corporation)
     R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2236032 2007-09-26] (Intel Corporation)
     R2 pnarp; C:\WINDOWS\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
     R1 PQNTDrv; C:\WINDOWS\system32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
     R2 purendis; C:\WINDOWS\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
     R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2007-08-27] (Intel Corporation)
     R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
     R2 wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
     R2 wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
     R2 wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
     R2 wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [14240 2004-08-10] (Sygate Technologies, Inc.)
     R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [19352 2007-09-13] (Logitech Inc.)
     S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [29976 2007-09-13] (Logitech Inc.)
     S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [14744 2007-09-13] (Logitech Inc.)
     R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [51608 2007-09-13] (Logitech Inc.)
     S3 AFGMp50; System32\Drivers\AFGMp50.sys [X]
     S3 AFGSp50; System32\Drivers\AFGSp50.sys [X]
     U4 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
     S3 motccgp; system32\DRIVERS\motccgp.sys [X]
     S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
     S3 MotDev; system32\DRIVERS\motodrv.sys [X]
     S1 OMCI; \??\C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [X]
     U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
     S3 SDDMI2; \??\C:\WINDOWS\system32\DDMI2.sys [X]
     S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
     S0 Teefer; SYSTEM32\Drivers\Teefer.sys [X]
     S4 vsdatant; [X]
     S1 wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys [X]
     U1 WS2IFSL;

     ==================== NetSvcs (Whitelisted) ===================

     NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

     ==================== One Month Created Files and Folders ========

     2014-06-03 00:21 - 2014-06-03 00:21 - 00027975 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
     2014-06-03 00:16 - 2014-06-03 00:16 - 01059840 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
     2014-06-03 00:11 - 2014-06-03 00:21 - 00000000 ____D () C:\FRST
     2014-06-02 22:31 - 2014-06-02 22:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
     2014-06-02 22:13 - 2014-06-02 22:13 - 00000000 ____D () C:\AVGTemp
     2014-06-02 19:07 - 2014-06-02 19:07 - 00000000 ____D () C:\WINDOWS\LastGood
     2014-06-02 18:00 - 2014-06-02 18:00 - 00000000 ____D () C:\RegBackup
     2014-06-02 17:58 - 2008-04-13 19:46 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
     2014-06-02 17:58 - 2008-04-13 19:40 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
     2014-06-02 17:58 - 2004-08-03 22:32 - 00231552 _____ (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
     2014-06-02 17:58 - 2004-08-03 22:32 - 00084480 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
     2014-06-02 17:58 - 2001-08-17 22:36 - 00462848 _____ (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
     2014-06-02 17:58 - 2001-08-17 22:36 - 00098304 _____ (Aureal Semiconductor) C:\WINDOWS\system32\dllcache\a3d.dll
     2014-06-02 17:58 - 2001-08-17 22:36 - 00061440 _____ (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
     2014-06-02 17:58 - 2001-08-17 14:55 - 00689216 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
     2014-06-02 17:58 - 2001-08-17 14:55 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
     2014-06-02 17:58 - 2001-08-17 14:06 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
     2014-06-02 17:58 - 2001-08-17 13:53 - 00007424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
     2014-06-02 17:58 - 2001-08-17 13:28 - 00762780 _____ (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
     2014-06-02 17:58 - 2001-08-17 12:48 - 00148352 _____ (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
     2014-06-02 17:58 - 2001-08-17 12:20 - 00297728 _____ (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
     2014-06-02 17:58 - 2001-08-17 12:20 - 00096256 _____ (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
     2014-06-02 17:58 - 2001-08-17 12:11 - 00020160 _____ (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
     2014-06-02 17:54 - 2004-08-10 06:00 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisui.dll
     2014-06-02 17:54 - 2004-08-10 06:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetsloc.dll
     2014-06-02 17:54 - 2004-08-10 06:00 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetmgr.exe
     2014-06-02 17:54 - 2004-08-10 06:00 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wamregps.dll
     2014-06-02 17:54 - 2001-08-17 14:56 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
     2014-06-02 17:53 - 2004-08-10 06:00 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\certmap.ocx
     2014-06-02 17:53 - 2004-08-10 06:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisreset.exe
     2014-06-02 17:53 - 2004-08-10 06:00 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ftpsapi2.dll
     2014-06-02 17:53 - 2004-08-10 06:00 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iisrstap.dll
     2014-06-02 17:49 - 2014-06-02 18:14 - 00012295 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3976-F.txt
     2014-06-02 17:21 - 2014-06-02 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
     2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
     2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes
     2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
     2014-06-02 17:21 - 2014-06-02 17:21 -
00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-06-02 17:21 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-06-02 17:14 - 2014-06-02 17:43 - 00011689 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3232-F.txt 2014-06-02 16:54 - 2014-06-03 00:13 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\Repair Windows 2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-06-02 16:03 - 2014-06-02 16:03 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Avg2014 2014-06-02 15:58 - 2014-06-02 17:10 - 00035189 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-872-F.txt 2014-06-02 15:54 - 2014-06-02 15:55 - 00000623 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3056-F.txt 2014-06-02 15:22 - 2014-06-02 19:07 - 00025794 _____ () C:\WINDOWS\setupapi.log 2014-06-02 03:45 - 2014-06-02 18:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9F41D2AFCA7D4B568B2345244A2975FD 2014-05-29 21:28 - 2014-05-29 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG ==================== One Month Modified Files and Folders ======= 2014-06-03 00:21 - 2014-06-03 00:21 - 00027975 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt 2014-06-03 00:21 - 2014-06-03 00:11 - 00000000 ____D () C:\FRST 2014-06-03 00:21 - 2007-12-03 19:59 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Temp 2014-06-03 00:16 - 2014-06-03 00:16 - 01059840 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe 2014-06-03 00:13 - 2014-06-02 16:54 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\Repair Windows 2014-06-03 00:08 - 2010-10-25 17:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData 2014-06-02 23:37 - 2012-12-22 18:42 - 00000886 
_____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-02 23:37 - 2012-12-22 18:42 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-02 23:36 - 2005-08-16 05:40 - 01187460 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-02 22:35 - 2014-06-02 22:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic 2014-06-02 22:13 - 2014-06-02 22:13 - 00000000 ____D () C:\AVGTemp 2014-06-02 22:07 - 2012-07-14 01:13 - 00031966 _____ () C:\WINDOWS\system32\nvModes.001 2014-06-02 19:07 - 2014-06-02 19:07 - 00000000 ____D () C:\WINDOWS\LastGood 2014-06-02 19:07 - 2014-06-02 15:22 - 00025794 _____ () C:\WINDOWS\setupapi.log 2014-06-02 19:07 - 2007-11-29 11:17 - 00000000 ____D () C:\MDT 2014-06-02 19:07 - 2005-08-16 05:38 - 00000000 ____D () C:\WINDOWS\Registration 2014-06-02 19:06 - 2007-12-24 21:13 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-06-02 19:06 - 2007-12-24 21:13 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-06-02 19:05 - 2014-03-12 21:26 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-06-02 19:05 - 2012-07-14 01:00 - 00194401 _____ () C:\WINDOWS\system32\nvapps.xml 2014-06-02 19:05 - 2005-08-16 05:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-02 19:04 - 2005-08-16 05:49 - 00032534 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-02 19:04 - 2005-08-16 05:22 - 00000000 ____D () C:\WINDOWS\security 2014-06-02 18:24 - 2007-12-03 19:59 - 00000178 ___SH () C:\Documents and Settings\Robert\ntuser.ini 2014-06-02 18:14 - 2014-06-02 17:49 - 00012295 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3976-F.txt 2014-06-02 18:13 - 2014-06-02 03:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\9F41D2AFCA7D4B568B2345244A2975FD 2014-06-02 18:00 - 2014-06-02 18:00 - 00000000 ____D () C:\RegBackup 2014-06-02 17:43 - 2014-06-02 17:14 - 00011689 _____ () C:\Documents and Settings\All Users\Application 
Data\RUNDLL32.EXE-3232-F.txt 2014-06-02 17:21 - 2014-06-02 17:21 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-06-02 17:21 - 2014-06-02 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-06-02 17:10 - 2014-06-02 15:58 - 00035189 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-872-F.txt 2014-06-02 16:26 - 2014-06-02 16:26 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy 2014-06-02 16:03 - 2014-06-02 16:03 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Avg2014 2014-06-02 15:55 - 2014-06-02 15:54 - 00000623 _____ () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3056-F.txt 2014-06-02 15:21 - 2011-02-16 18:10 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\MEDIA 2014-06-02 15:21 - 2011-02-16 18:07 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\TOOLS 2014-06-02 15:21 - 2007-12-04 23:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free Edition 2014-06-02 15:08 - 2009-06-25 18:51 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-29 21:28 - 2014-05-29 21:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2014-05-29 21:28 - 2013-01-29 13:34 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\Antivirus.lnk 2014-05-29 21:21 - 2005-08-16 05:18 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-05-22 22:40 - 2013-07-01 14:12 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-05-15 03:03 - 2013-07-11 23:10 
- 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-15 03:00 - 2007-12-05 19:43 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-08 15:00 - 2014-03-12 21:26 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job Some content of TEMP: ==================== C:\Documents and Settings\Robert\Local Settings\Temp\mbam-setup.exe C:\Documents and Settings\Robert\Local Settings\Temp\UNINSTALL.EXE ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-06-2014 Ran by Robert at 2014-06-03 00:21:23 Running from C:\Documents and Settings\Robert\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ========================
  12. I think I have been infected by malware. My WIFI card may have coincidentally failed, and during testing I removed and redetected it. At that point AVG 14 (paid-for version) popped up with a threat warning and, as normal, I clicked remove threat. The AVG icon vanished from the taskbar and now I cannot restart it from the shortcut nor uninstall the program, as Control Panel cannot find the uninstaller, but Services still shows AVG present. Attempting to reinstall the program from the downloaded .exe fails as it reports it is already installed. Please help me remove this horrible infection.