
Possible infection--zero access.TH


retxab

AVG scans indicate I have the zero access.TH rootkit in the following file: c:\windows\system32\drivers\netbt.sys

I need help removing it. The computer cannot access the internet. Attached are the two DDS logs.

 DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.40.2
Run by Barbara at 23:13:09 on 2013-09-20
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1390 [GMT -4:00]
.
AV: AVG update module *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Connection Wizard,ShellNext = iexplore
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.5.0.2\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\barbara\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{36193578-B3BB-4AE5-8CE5-BE932DF3AD81} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.5.0\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\barbara\application data\mozilla\firefox\profiles\jo5flxg6.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\barbara\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\barbara\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\barbara\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\barbara\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 37664]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2013-9-9 1740088]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2013-8-21 12320]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 gupdate1c9e3ab5e358b90;Google Update Service (gupdate1c9e3ab5e358b90);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [2011-10-23 11264]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\barbara\locals~1\temp\mfe_rr.sys --> c:\docume~1\barbara\locals~1\temp\mfe_rr.sys [?]
.
=============== Created Last 30 ================
.
2013-09-20 23:41:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 23:41:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-20 19:34:11 -------- d---a-w- C:\temp
2013-09-12 00:22:26 -------- d-----w- c:\program files\iPod
2013-09-12 00:22:24 -------- d-----w- c:\program files\iTunes
2013-09-12 00:22:24 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-12 00:18:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-09-12 00:18:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-09-11 15:12:13 -------- d-----w- c:\documents and settings\all users\application data\Nero
2013-09-11 14:34:44 -------- d-----w- c:\documents and settings\barbara\application data\licenses
2013-09-11 14:34:43 -------- d-----w- c:\documents and settings\barbara\application data\PCMM2009
2013-09-11 14:34:39 -------- d-----w- c:\documents and settings\barbara\application data\PCMM2013
2013-09-11 14:34:33 -------- d-----w- c:\documents and settings\barbara\local settings\application data\PC MightyMax 2013
2013-09-11 12:50:22 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2013-09-11 12:49:26 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-09-11 12:46:44 -------- d-sh--w- c:\documents and settings\all users\application data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-11 12:36:34 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-11 12:36:24 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-09-13 14:43:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-13 14:43:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:36:12 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-11 12:36:12 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-10 05:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 05:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-14 21:13:59 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-20 05:51:00 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50:56 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50:56 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50:50 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 23:13:52.39 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/28/2009 5:08:26 PM
System Uptime: 9/20/2013 11:10:26 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Core2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2792/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 269.528 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1292: 6/23/2013 12:32:56 PM - System Checkpoint
RP1293: 6/25/2013 9:51:40 AM - System Checkpoint
RP1294: 6/26/2013 11:12:56 AM - System Checkpoint
RP1295: 6/27/2013 2:21:23 PM - System Checkpoint
RP1296: 7/2/2013 6:41:30 AM - System Checkpoint
RP1297: 7/3/2013 6:19:51 PM - System Checkpoint
RP1298: 7/4/2013 7:46:02 PM - System Checkpoint
RP1299: 7/6/2013 12:31:53 PM - System Checkpoint
RP1300: 7/7/2013 5:34:56 PM - System Checkpoint
RP1301: 7/8/2013 8:26:04 PM - System Checkpoint
RP1302: 7/10/2013 6:37:07 AM - System Checkpoint
RP1303: 7/11/2013 7:24:34 AM - Software Distribution Service 3.0
RP1304: 7/12/2013 5:43:11 PM - System Checkpoint
RP1305: 7/13/2013 10:39:27 PM - System Checkpoint
RP1306: 7/14/2013 7:20:14 AM - Software Distribution Service 3.0
RP1307: 7/15/2013 9:43:11 AM - System Checkpoint
RP1308: 7/16/2013 11:09:35 PM - System Checkpoint
RP1309: 7/18/2013 12:02:07 PM - System Checkpoint
RP1310: 7/19/2013 1:49:51 PM - System Checkpoint
RP1311: 7/20/2013 6:22:42 PM - System Checkpoint
RP1312: 7/21/2013 7:46:46 PM - System Checkpoint
RP1313: 7/22/2013 7:59:19 PM - System Checkpoint
RP1314: 7/24/2013 12:16:22 AM - System Checkpoint
RP1315: 7/25/2013 1:15:36 PM - System Checkpoint
RP1316: 7/26/2013 3:07:19 PM - System Checkpoint
RP1317: 7/28/2013 12:21:41 AM - System Checkpoint
RP1318: 7/29/2013 7:30:09 AM - System Checkpoint
RP1319: 7/31/2013 10:07:16 AM - System Checkpoint
RP1320: 8/2/2013 6:45:50 AM - System Checkpoint
RP1321: 8/5/2013 11:43:45 AM - System Checkpoint
RP1322: 8/7/2013 7:52:46 PM - System Checkpoint
RP1323: 8/9/2013 10:06:38 PM - System Checkpoint
RP1324: 8/11/2013 10:06:21 AM - System Checkpoint
RP1325: 8/12/2013 2:32:47 PM - System Checkpoint
RP1326: 8/13/2013 3:34:13 PM - System Checkpoint
RP1327: 8/14/2013 5:20:58 PM - System Checkpoint
RP1328: 8/15/2013 7:05:30 AM - Software Distribution Service 3.0
RP1329: 8/16/2013 12:41:25 PM - System Checkpoint
RP1330: 8/19/2013 10:33:47 PM - System Checkpoint
RP1331: 8/22/2013 9:36:57 AM - System Checkpoint
RP1332: 8/23/2013 12:03:58 PM - System Checkpoint
RP1333: 8/24/2013 4:38:11 PM - System Checkpoint
RP1334: 8/26/2013 12:28:10 PM - System Checkpoint
RP1335: 8/27/2013 4:06:39 PM - System Checkpoint
RP1336: 8/28/2013 11:42:51 PM - System Checkpoint
RP1337: 8/29/2013 6:43:12 AM - Software Distribution Service 3.0
RP1338: 8/30/2013 2:14:59 PM - System Checkpoint
RP1339: 9/2/2013 1:50:57 PM - System Checkpoint
RP1340: 9/3/2013 9:57:17 PM - System Checkpoint
RP1341: 9/5/2013 12:52:00 AM - System Checkpoint
RP1342: 9/6/2013 2:19:12 PM - System Checkpoint
RP1343: 9/8/2013 11:46:34 AM - System Checkpoint
RP1344: 9/9/2013 4:43:41 PM - System Checkpoint
RP1345: 9/10/2013 7:00:38 PM - System Checkpoint
RP1346: 9/11/2013 8:35:48 AM - Removed Java 7 Update 4
RP1347: 9/11/2013 8:36:09 AM - Installed Java 7 Update 40
RP1348: 9/11/2013 8:47:26 AM - Installed AVG PC TuneUp 2014
RP1349: 9/11/2013 11:02:07 AM - Removed WinZip 17.5
RP1350: 9/11/2013 11:08:33 AM - Installed Windows XP KB942288-v3.
RP1351: 9/11/2013 11:12:12 AM - Installed Nero BurningROM 12.
RP1352: 9/11/2013 11:22:42 AM - Removed Nero BurningROM 12.
RP1353: 9/11/2013 7:19:20 PM - Software Distribution Service 3.0
RP1354: 9/13/2013 11:17:27 AM - System Checkpoint
RP1355: 9/15/2013 12:49:11 PM - System Checkpoint
RP1356: 9/16/2013 2:09:42 PM - System Checkpoint
RP1357: 9/18/2013 6:40:35 AM - System Checkpoint
RP1358: 9/19/2013 11:40:18 AM - System Checkpoint
RP1359: 9/20/2013 12:24:27 PM - System Checkpoint
RP1360: 9/20/2013 5:48:13 PM - Restore Operation
RP1361: 9/20/2013 5:50:00 PM - Restore Operation
RP1362: 9/20/2013 5:51:50 PM - Restore Operation
RP1363: 9/20/2013 5:53:55 PM - Restore Operation
.
==== Installed Programs ======================
.
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
AVG PC TuneUp 2014
AVG PC TuneUp 2014 (en-US)
AVG PC TuneUp Language Pack (en-US)
AVG Security Toolbar
Bonjour
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Choice Guard
Dell DataSafe Online
Dell Driver Reset Tool
Dell Support Center (Support Software)
Digital Voice Editor 3
FamilySearch Indexing
FamilySearch Indexing 3.13.1
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes
Java 7 Update 40
Java Auto Updater
JavaFX 2.1.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.8 (x86 en-US)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
PokerStars
QuickTime
Realtek High Definition Audio Driver
RootsMagic 5.0.4.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB960714)
Segoe UI
Uninstall FamilySearch Indexing
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
9/20/2013 7:40:25 PM, error: Service Control Manager [7034]  - The AVG PC TuneUp Service service terminated unexpectedly.  It has done this 1 time(s).
9/20/2013 4:35:52 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  MRxSmb
9/20/2013 4:35:52 PM, error: Service Control Manager [7024]  - The Workstation service terminated with service-specific error 2250 (0x8CA).
9/20/2013 4:35:52 PM, error: Service Control Manager [7003]  - The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
9/20/2013 4:35:52 PM, error: Service Control Manager [7003]  - The DHCP Client service depends on the following nonexistent service: NetBT
9/20/2013 4:35:52 PM, error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The service has returned a service-specific error code.
9/20/2013 4:34:14 PM, error: Workstation [5727]  - Could not load RDR device driver.
9/20/2013 4:34:14 PM, error: Workstation [5727]  - Could not load MRxSmb device driver.
.
==== End Of File ===========================

Hello retxab

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", as this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

Attached are the logs.

After following your directions, I rebooted again and reconnected the network cable. In the system tray, the network icon appeared--but with the message as before (your help): acquiring network address. I did not attempt to open any browser.

# AdwCleaner v3.004 - Report created 21/09/2013 at 03:35:59

# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Barbara - D32K5JC1
# Running from : C:\temp\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Barbara\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Barbara\Application Data\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v17.0.8 (en-US)
 
[ File : C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default\prefs.js ]
 
Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
 
*************************
 
AdwCleaner[R0].txt - [6703 octets] - [21/09/2013 02:09:01]
AdwCleaner[R1].txt - [6763 octets] - [21/09/2013 03:30:26]
AdwCleaner[s0].txt - [6830 octets] - [21/09/2013 03:35:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6890 octets] ##########
 
 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Barbara on Sat 09/21/2013 at  3:40:46.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26} [Trojan:JS/Medfos.A]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/21/2013 at  3:43:30.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
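A practitioner reading an AdwCleaner report like the one above usually wants to confirm that every browser load point belonging to a toolbar (its BHO, search scope and toolbar entries) went together with the COM class registration that backs it; a load-point entry that references a CLSID whose key was never removed is either a stale reference or a class that is still registered. The following Python script, added here as an example and not part of the original post or of AdwCleaner itself, parses the report format, pivots on the GUIDs in the Registry section and flags any GUID removed from a load point without a matching CLSID key. SAMPLE_LOG is a constructed subset of the report above; the role labels and function names are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt modelled on the AdwCleaner "Clean" report posted above;
# it is sample input for this script, not the full log.
SAMPLE_LOG = r"""
# AdwCleaner v3.004 - Report created 21/09/2013 at 03:35:59
# Option : Clean

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value|Line) Deleted : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry path fragments that say *where* a COM object is wired into the
# browser (load points) versus its bare class/interface registration.
# Labels are my own shorthand, not AdwCleaner terminology.
ROLE_MARKERS = [
    ("Browser Helper Objects", "BHO"),
    ("SearchScopes", "SearchScope"),
    ("Internet Explorer\\Toolbar", "Toolbar"),
    ("Ext\\PreApproved", "PreApproved"),
    ("Ext\\Stats", "ExtStats"),
    ("Classes\\CLSID", "CLSID"),
    ("Classes\\Interface", "Interface"),
    ("Classes\\TypeLib", "TypeLib"),
    ("Classes\\AppID", "AppID"),
]
LOAD_POINT_ROLES = {"BHO", "SearchScope", "Toolbar", "PreApproved"}


def parse_entries(log_text):
    """Yield (section, kind, target) for each 'X Deleted :' line in the report."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section is not None:
            yield section, m.group("kind"), m.group("target")


def summarize(log_text):
    """Counter of (section, kind): how many folders/files/keys/values went."""
    return Counter((s, k) for s, k, _ in parse_entries(log_text))


def classify_role(reg_path):
    """First matching marker wins; anything unrecognised is 'Other'."""
    for marker, role in ROLE_MARKERS:
        if marker.lower() in reg_path.lower():
            return role
    return "Other"


def pivot_guids(log_text):
    """Map every GUID in the Registry section to the sorted list of roles it held."""
    roles = defaultdict(set)
    for section, _kind, target in parse_entries(log_text):
        if section != "Registry":
            continue
        for guid in GUID_RE.findall(target):
            roles[guid.upper()].add(classify_role(target))
    return {g: sorted(r) for g, r in roles.items()}


def load_points_without_clsid(pivot):
    """GUIDs removed from a browser load point whose CLSID key was not removed.

    Either the class was never registered (a stale reference) or it is still
    registered; both deserve a look in regedit before calling the cleanup done.
    """
    return sorted(
        g for g, roles in pivot.items()
        if LOAD_POINT_ROLES & set(roles) and "CLSID" not in roles
    )


if __name__ == "__main__":
    pivot = pivot_guids(SAMPLE_LOG)
    for guid, roles in sorted(pivot.items()):
        print(guid, ", ".join(roles))
    print("load points lacking CLSID removal:", load_points_without_clsid(pivot))
    print(dict(summarize(SAMPLE_LOG)))
```

Run against the full report above, the same pivot shows {95B7759C-...} removed as CLSID, BHO, search scope, toolbar and Ext\Stats entry in one pass, which is what a clean toolbar removal looks like; the {D4027C7F-...} WebBrowser toolbar value, by contrast, has no CLSID deletion beside it and is the kind of entry worth checking by hand.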
 

Hello retxab

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Progress this time--I was able to connect to the internet and install the Windows Recovery Console. Below is the ComboFix log.


ComboFix 13-09-19.01 - Barbara 09/21/2013  18:56:19.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1267 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB4472$\1847445595
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB4472$
c:\windows\$NtUninstallKB4472$\2069129772\Desktop.ini
c:\windows\system32\Cache
c:\windows\system32\Cache\110f40f862409c7a.fb
c:\windows\system32\Cache\14ea5003fe3f2f64.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2cc63273e092f98e.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3385e2fe6db84b70.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3cc0294aff4913c8.fb
c:\windows\system32\Cache\40ede52260b62523.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\80f02f9ce2668a57.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a397c11fdb035ed2.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\aa1267ce3d4870f9.fb
c:\windows\system32\Cache\accbf802bd40fe95.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c0a67f9347df43cc.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d1e12124bb5df8fc.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dedb527b98bcdf8d.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.txt
.
-- Previous Run --
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
--------
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-21 to 2013-09-21  )))))))))))))))))))))))))))))))
.
.
2013-09-21 07:40 . 2013-09-21 07:40 -------- d-----w- c:\windows\ERUNT
2013-09-21 06:08 . 2013-09-21 07:39 -------- d-----w- C:\AdwCleaner
2013-09-21 01:28 . 2013-09-21 01:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Avg2013
2013-09-20 23:41 . 2013-09-20 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-20 23:41 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 19:34 . 2013-09-21 14:08 -------- d---a-w- C:\temp
2013-09-19 18:47 . 2013-09-19 18:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\program files\iPod
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\program files\iTunes
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-12 00:18 . 2013-09-12 00:18 -------- d-----w- c:\program files\QuickTime
2013-09-11 15:17 . 2013-09-11 15:17 -------- d-----w- c:\documents and settings\Barbara\Application Data\Nero
2013-09-11 15:12 . 2013-09-11 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2013-09-11 14:48 . 2013-09-11 14:48 -------- d-----w- c:\documents and settings\Barbara\Application Data\Roxio
2013-09-11 14:34 . 2013-09-11 14:34 -------- d-----w- c:\documents and settings\Barbara\Application Data\licenses
2013-09-11 14:34 . 2013-09-11 14:35 -------- d-----w- c:\documents and settings\Barbara\Application Data\PCMM2009
2013-09-11 14:34 . 2013-09-11 14:34 -------- d-----w- c:\documents and settings\Barbara\Application Data\PCMM2013
2013-09-11 14:34 . 2013-09-11 14:36 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\PC MightyMax 2013
2013-09-11 12:50 . 2013-09-09 13:40 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2013-09-11 12:49 . 2013-09-09 13:40 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-09-11 12:46 . 2013-09-11 12:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-11 12:36 . 2013-09-11 12:36 -------- d-----w- c:\program files\Common Files\Java
2013-09-11 12:36 . 2013-09-11 12:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-11 12:36 . 2013-09-11 12:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 14:43 . 2012-04-10 20:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 14:43 . 2011-06-04 02:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 12:36 . 2012-06-08 06:45 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-11 12:36 . 2010-05-25 23:06 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-10 05:34 . 2011-12-23 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 05:43 . 2011-09-13 11:30 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-14 21:13 . 2012-09-03 11:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-09 01:56 . 2008-04-25 16:16 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-25 16:16 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-25 16:16 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-25 16:16 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-25 16:16 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-20 05:51 . 2012-08-09 17:56 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2012-04-19 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2011-10-07 11:23 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2008-04-25 16:16 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-25 16:16 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 05:45 . 2011-08-08 11:08 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-10 00:54 . 2013-08-10 00:54 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2013-08-10 00:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-20 13:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 7:58 AM 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [9/9/2013 9:40 AM 1740088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [8/21/2013 7:53 PM 12320]
S2 gupdate1c9e3ab5e358b90;Google Update Service (gupdate1c9e3ab5e358b90);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 1:55 PM 133104]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [10/23/2011 8:20 AM 11264]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:43]
.
2013-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 12:18]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 17:55]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 17:55]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
- c:\documents and settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-22 17:22]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
- c:\documents and settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-22 17:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-21 19:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(740)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-09-21  19:05:31 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-21 23:05
.
Pre-Run: 290,131,705,856 bytes free
Post-Run: 290,081,300,480 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 0298C69A76B4B3B6569E2F0907240741
CDB4DE4BBD714F152979DA2DCBEF57EB
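Of the service entries in the ComboFix log above, two stand out: vToolbarUpdater15.5.0 and MFE_RR, both printed with a [?] in place of the timestamp and size because the binary was not found on disk, and the second pointing into the user's Temp directory. The following Python script, added here as an example and not ComboFix's own code or part of the original post, parses that R0/S3-style service line format and applies three first-pass heuristics: missing binary, path under a Temp directory, and a boot- or system-start driver living outside system32\drivers. SAMPLE_SERVICES is a constructed subset of the lines above; the heuristics and function names are mine.

```python
import re

# Constructed subset of the service lines from the ComboFix "Reg Loading Points"
# section posted above; sample input for this script, not the full log.
SAMPLE_SERVICES = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [8/21/2013 7:53 PM 12320]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [?]
"""

# R = running, S = stopped; the digit is the SCM start type.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s*\[(?P<meta>[^\]]*)\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
DRIVERS_DIR = "\\windows\\system32\\drivers\\"
# Short (8.3) and long forms of the per-user Temp directory on XP.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp\\", "\\locals~1\\temp\\")


def parse_service(line):
    """Parse one ComboFix service line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # "ImagePath --> resolved path" form: keep the resolved path on the right.
    path = rest.split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    meta = m.group("meta").strip()
    # ComboFix prints "[?]" when it cannot find the file; otherwise the
    # bracket ends with the file size in bytes.
    size = int(meta.split()[-1]) if meta != "?" and meta.split() else None
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start": START_TYPES[int(m.group("start"))],
        "path": path,
        "present": meta != "?",
        "size": size,
    }


def flag(svc):
    """Heuristic flags a first-pass reviewer would raise for one service entry."""
    flags = []
    low = svc["path"].lower()
    if not svc["present"]:
        flags.append("binary missing")
    if any(marker in low for marker in TEMP_MARKERS):
        flags.append("runs from temp directory")
    if svc["start"] in ("boot", "system") and DRIVERS_DIR not in low:
        flags.append("boot/system driver outside system32\\drivers")
    return flags


def triage(log_text):
    """Return {service name: [flags]} for every entry that raised at least one flag."""
    out = {}
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        f = flag(svc)
        if f:
            out[svc["name"]] = f
    return out


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_SERVICES).items():
        print(f"{name}: {', '.join(flags)}")
```

A hit is a prompt to look, not a verdict: the missing ToolbarUpdater.exe here is explained by AdwCleaner having deleted that folder earlier in the thread, and a stopped entry whose Temp-resident driver is gone is often a leftover from a one-off scanner. The entries to revisit are the ones that survive a cleanup with a binary that is still present in Temp, or a boot-start driver that has no business outside the drivers directory.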

Hello retxab

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Attached are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2013

Ran by Barbara (administrator) on D32K5JC1 on 22-09-2013 00:05:43
Running from C:\temp\farbar
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
() C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\gs_agent\dsc.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16132608 2007-07-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Dell DataSafe Online] - C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM\...\Run: [dellsupportcenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\WgaLogon: C:\Windows\system32\WgaLogon.dll (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {B1705111-8241-4C98-8AEF-4F3091A46404} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {CA3F1276-B632-4BA7-881F-BCF6411AC373} URL = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Documents and Settings\Barbara\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{19BBD522-AC5D-11E1-8270-B8AC6F996F26}] - C:\Documents and Settings\Barbara\Local Settings\Application Data\{19BBD522-AC5D-11E1-8270-B8AC6F996F26}\
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 gupdate1c9e3ab5e358b90; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-02] (Google Inc.)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [99688 2009-10-14] (Sony Corporation)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1740088 2013-09-09] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [35640 2013-09-09] (AVG)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [11264 2008-08-18] (Sony Corporation)
R1 NetBT; C:\Windows\System32\drivers\netbt.sys [162816 2008-04-14] ()
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2013-08-21] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MFE_RR; \??\C:\DOCUME~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [x]
S1 MRxSmb; system32\DRIVERS\mrxsmb.sys [x]
U5 MSIServer; C:\Windows\System32\msiexec.exe [95744 2008-05-19] (Microsoft Corporation)
U0 Partizan; system32\drivers\Partizan.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-21 23:59 - 2013-09-21 23:59 - 00000000 ____D C:\FRST
2013-09-21 19:05 - 2013-09-21 19:05 - 00017978 _____ C:\ComboFix.txt
2013-09-21 18:52 - 2013-09-21 18:52 - 00000000 _RSHD C:\cmdcons
2013-09-21 18:52 - 2012-06-07 10:21 - 00000245 _____ C:\Boot.bak
2013-09-21 18:52 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-09-21 18:51 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-09-21 18:51 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-09-21 18:51 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-09-21 18:51 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-09-21 14:21 - 2013-09-21 19:05 - 00000000 ____D C:\Qoobox
2013-09-21 14:21 - 2013-09-21 19:04 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-21 14:17 - 2013-09-21 14:17 - 00000205 _____ C:\WINDOWS\WINNT32.LOG
2013-09-21 14:17 - 2013-09-21 14:17 - 00000178 _____ C:\WINDOWS\DHCPUPG.LOG
2013-09-21 03:43 - 2013-09-21 03:43 - 00001106 _____ C:\Documents and Settings\Barbara\Desktop\JRT.txt
2013-09-21 03:40 - 2013-09-21 03:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-21 02:08 - 2013-09-21 03:39 - 00000000 ____D C:\AdwCleaner
2013-09-20 23:13 - 2013-09-20 23:13 - 00014214 _____ C:\Documents and Settings\Barbara\Desktop\dds.txt
2013-09-20 23:13 - 2013-09-20 23:13 - 00013997 _____ C:\Documents and Settings\Barbara\Desktop\attach.txt
2013-09-20 21:28 - 2013-09-20 21:28 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Avg2013
2013-09-20 19:41 - 2013-09-20 19:41 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-20 19:41 - 2013-09-20 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-20 19:41 - 2013-09-20 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-20 19:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-19 14:47 - 2013-09-19 14:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-09-13 09:50 - 2013-09-20 21:24 - 00019595 _____ C:\WINDOWS\setupapi.log
2013-09-13 09:50 - 2013-09-13 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-09-12 14:08 - 2013-09-12 14:08 - 00000000 ____D C:\Documents and Settings\Barbara\Desktop\Jobs
2013-09-11 20:22 - 2013-09-11 20:22 - 00001544 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Program Files\iPod
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-11 20:18 - 2013-09-11 20:18 - 00001606 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Program Files\QuickTime
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2013-09-11 19:22 - 2013-09-11 19:22 - 00016583 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 19:21 - 2013-09-11 19:22 - 00004966 _____ C:\WINDOWS\updspapi.log
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 13:41 - 2013-09-11 19:22 - 00014781 _____ C:\WINDOWS\KB2876315.log
2013-09-11 13:41 - 2013-09-11 19:21 - 00013808 _____ C:\WINDOWS\KB2876217.log
2013-09-11 13:41 - 2013-09-11 19:21 - 00013674 _____ C:\WINDOWS\KB2864063.log
2013-09-11 11:17 - 2013-09-11 11:17 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Nero
2013-09-11 11:12 - 2013-09-11 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-09-11 11:08 - 2013-09-21 14:14 - 00040175 _____ C:\WINDOWS\iis6.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00038499 _____ C:\WINDOWS\FaxSetup.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00020596 _____ C:\WINDOWS\ocgen.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00018697 _____ C:\WINDOWS\tsoc.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00012771 _____ C:\WINDOWS\comsetup.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00008021 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00007007 _____ C:\WINDOWS\netfxocm.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00002844 _____ C:\WINDOWS\MedCtrOC.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00002179 _____ C:\WINDOWS\ocmsn.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00002024 _____ C:\WINDOWS\msgsocm.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00001917 _____ C:\WINDOWS\imsins.log
2013-09-11 11:08 - 2013-09-21 14:14 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-09-11 11:08 - 2013-09-21 14:13 - 00011352 _____ C:\WINDOWS\msmqinst.log
2013-09-11 11:08 - 2013-09-11 19:22 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 11:08 - 2013-09-11 11:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-09-11 11:07 - 2013-09-11 11:08 - 00012766 _____ C:\WINDOWS\KB942288-v3.log
2013-09-11 11:02 - 2013-09-11 11:02 - 00000000 ____D C:\Documents and Settings\Barbara\My Documents\Add-in Express
2013-09-11 10:48 - 2013-09-11 10:48 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Roxio
2013-09-11 10:34 - 2013-09-11 10:36 - 00000000 ____D C:\Documents and Settings\Barbara\Local Settings\Application Data\PC MightyMax 2013
2013-09-11 10:34 - 2013-09-11 10:35 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\PCMM2009
2013-09-11 10:34 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\PCMM2013
2013-09-11 10:34 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\licenses
2013-09-11 09:11 - 2013-09-21 14:17 - 00000341 _____ C:\WINDOWS\setupact.log
2013-09-11 09:11 - 2013-09-11 09:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-11 09:09 - 2013-09-21 23:58 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-11 08:50 - 2013-09-09 09:40 - 00035640 _____ (AVG) C:\WINDOWS\system32\uxtuneup.dll
2013-09-11 08:49 - 2013-09-11 08:49 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2013-09-11 08:49 - 2013-09-11 08:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
2013-09-11 08:49 - 2013-09-09 09:40 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2013-09-11 08:46 - 2013-09-11 08:53 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-11 08:36 - 2013-09-11 08:36 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-09-11 08:36 - 2013-09-11 08:36 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-11 08:36 - 2013-09-11 08:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 08:36 - 2013-09-11 08:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-10 13:41 - 2013-09-10 13:41 - 00000738 _____ C:\Documents and Settings\Barbara\Start Menu\PokerStars.lnk
2013-09-10 13:41 - 2013-09-10 13:41 - 00000000 ____D C:\Documents and Settings\Barbara\Start Menu\Programs\PokerStars
2013-08-29 06:43 - 2013-08-29 06:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
 
==================== One Month Modified Files and Folders =======
 
2013-09-21 23:59 - 2013-09-21 23:59 - 00000000 ____D C:\FRST
2013-09-21 23:59 - 2008-04-25 17:28 - 01843121 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-21 23:58 - 2013-09-11 09:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-21 23:58 - 2009-06-29 23:12 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 23:58 - 2008-04-25 17:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-21 23:58 - 2008-04-25 12:16 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-21 23:58 - 2008-04-25 05:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-21 19:06 - 2013-02-10 09:07 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2013-09-21 19:06 - 2012-01-28 15:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-09-21 19:06 - 2009-02-28 18:08 - 00000178 ___SH C:\Documents and Settings\Barbara\ntuser.ini
2013-09-21 19:06 - 2008-04-25 17:32 - 00032530 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-21 19:05 - 2013-09-21 19:05 - 00017978 _____ C:\ComboFix.txt
2013-09-21 19:05 - 2013-09-21 14:21 - 00000000 ____D C:\Qoobox
2013-09-21 19:04 - 2013-09-21 14:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-09-21 19:01 - 2008-04-25 12:16 - 00000227 _____ C:\WINDOWS\system.ini
2013-09-21 18:59 - 2009-02-28 18:08 - 00000000 ____D C:\Documents and Settings\Barbara
2013-09-21 18:52 - 2013-09-21 18:52 - 00000000 _RSHD C:\cmdcons
2013-09-21 18:52 - 2008-04-25 12:16 - 00000355 __RSH C:\boot.ini
2013-09-21 14:26 - 2008-04-25 17:32 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2013-09-21 14:17 - 2013-09-21 14:17 - 00000205 _____ C:\WINDOWS\WINNT32.LOG
2013-09-21 14:17 - 2013-09-21 14:17 - 00000178 _____ C:\WINDOWS\DHCPUPG.LOG
2013-09-21 14:17 - 2013-09-11 09:11 - 00000341 _____ C:\WINDOWS\setupact.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00040175 _____ C:\WINDOWS\iis6.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00038499 _____ C:\WINDOWS\FaxSetup.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00020596 _____ C:\WINDOWS\ocgen.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00018697 _____ C:\WINDOWS\tsoc.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00012771 _____ C:\WINDOWS\comsetup.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00008021 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00007007 _____ C:\WINDOWS\netfxocm.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00002844 _____ C:\WINDOWS\MedCtrOC.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00002179 _____ C:\WINDOWS\ocmsn.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00002024 _____ C:\WINDOWS\msgsocm.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00001917 _____ C:\WINDOWS\imsins.log
2013-09-21 14:14 - 2013-09-11 11:08 - 00001866 _____ C:\WINDOWS\tabletoc.log
2013-09-21 14:13 - 2013-09-11 11:08 - 00011352 _____ C:\WINDOWS\msmqinst.log
2013-09-21 03:52 - 2012-12-22 02:27 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
2013-09-21 03:43 - 2013-09-21 03:43 - 00001106 _____ C:\Documents and Settings\Barbara\Desktop\JRT.txt
2013-09-21 03:43 - 2012-04-10 16:36 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-09-21 03:40 - 2013-09-21 03:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-21 03:39 - 2013-09-21 02:08 - 00000000 ____D C:\AdwCleaner
2013-09-21 02:47 - 2009-06-29 23:12 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 23:13 - 2013-09-20 23:13 - 00014214 _____ C:\Documents and Settings\Barbara\Desktop\dds.txt
2013-09-20 23:13 - 2013-09-20 23:13 - 00013997 _____ C:\Documents and Settings\Barbara\Desktop\attach.txt
2013-09-20 21:28 - 2013-09-20 21:28 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Application Data\Avg2013
2013-09-20 21:24 - 2013-09-13 09:50 - 00019595 _____ C:\WINDOWS\setupapi.log
2013-09-20 19:41 - 2013-09-20 19:41 - 00000786 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-09-20 19:41 - 2013-09-20 19:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-20 19:41 - 2013-09-20 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-20 13:37 - 2012-06-07 17:53 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-20 12:13 - 2009-06-02 13:55 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2013-09-20 12:00 - 2009-07-29 14:23 - 00000000 ____D C:\Documents and Settings\Barbara\Desktop\Unused Desktop Shortcuts
2013-09-19 14:47 - 2013-09-19 14:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2013-09-19 13:26 - 2010-04-01 08:41 - 01819648 _____ C:\Documents and Settings\Barbara\My Documents\Tree.rmgc
2013-09-19 09:59 - 2009-09-30 15:32 - 00000000 ____D C:\Program Files\PokerStars
2013-09-18 20:14 - 2009-02-28 19:07 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-16 13:52 - 2012-12-22 02:27 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
2013-09-13 19:50 - 2009-02-28 19:08 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Apple Computer
2013-09-13 10:43 - 2012-04-10 16:36 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-13 10:43 - 2011-06-03 22:41 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-13 09:50 - 2013-09-13 09:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-09-12 14:08 - 2013-09-12 14:08 - 00000000 ____D C:\Documents and Settings\Barbara\Desktop\Jobs
2013-09-12 06:52 - 2012-06-18 10:37 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Mozilla
2013-09-11 20:22 - 2013-09-11 20:22 - 00001544 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Program Files\iPod
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-09-11 20:22 - 2013-09-11 20:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-11 20:22 - 2009-02-28 19:07 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-11 20:18 - 2013-09-11 20:18 - 00001606 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Program Files\QuickTime
2013-09-11 20:18 - 2013-09-11 20:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2013-09-11 20:18 - 2009-02-28 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-09-11 19:51 - 2008-04-25 05:21 - 00146808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-11 19:22 - 2013-09-11 19:22 - 00016583 _____ C:\WINDOWS\KB2870699-IE8.log
2013-09-11 19:22 - 2013-09-11 19:21 - 00004966 _____ C:\WINDOWS\updspapi.log
2013-09-11 19:22 - 2013-09-11 13:41 - 00014781 _____ C:\WINDOWS\KB2876315.log
2013-09-11 19:22 - 2013-09-11 11:08 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-11 19:22 - 2009-06-01 13:38 - 00000000 ____D C:\WINDOWS\ie8updates
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-11 19:21 - 2013-09-11 19:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-11 19:21 - 2013-09-11 13:41 - 00013808 _____ C:\WINDOWS\KB2876217.log
2013-09-11 19:21 - 2013-09-11 13:41 - 00013674 _____ C:\WINDOWS\KB2864063.log
2013-09-11 19:20 - 2013-07-14 07:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-11 19:19 - 2009-03-02 19:42 - 76725432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-11 11:23 - 2013-09-11 11:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nero
2013-09-11 11:17 - 2013-09-11 11:17 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Nero
2013-09-11 11:08 - 2013-09-11 11:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB942288-v3$
2013-09-11 11:08 - 2013-09-11 11:07 - 00012766 _____ C:\WINDOWS\KB942288-v3.log
2013-09-11 11:08 - 2008-04-25 05:17 - 00000000 ____D C:\WINDOWS\system32\mui
2013-09-11 11:02 - 2013-09-11 11:02 - 00000000 ____D C:\Documents and Settings\Barbara\My Documents\Add-in Express
2013-09-11 11:02 - 2012-10-02 07:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-09-11 10:48 - 2013-09-11 10:48 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\Roxio
2013-09-11 10:36 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Local Settings\Application Data\PC MightyMax 2013
2013-09-11 10:35 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\PCMM2009
2013-09-11 10:34 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\PCMM2013
2013-09-11 10:34 - 2013-09-11 10:34 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\licenses
2013-09-11 10:01 - 2009-06-02 13:55 - 00000000 ____D C:\Program Files\Google
2013-09-11 10:01 - 2009-06-02 13:55 - 00000000 ____D C:\Documents and Settings\Barbara\Local Settings\Application Data\Google
2013-09-11 09:31 - 2009-06-25 09:59 - 00000000 __SHD C:\Documents and Settings\Barbara\IECompatCache
2013-09-11 09:31 - 2009-06-01 13:40 - 00000000 __SHD C:\Documents and Settings\Barbara\PrivacIE
2013-09-11 09:31 - 2009-06-01 13:40 - 00000000 __SHD C:\Documents and Settings\Barbara\IETldCache
2013-09-11 09:11 - 2013-09-11 09:11 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-11 09:09 - 2009-02-20 09:04 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-09-11 09:06 - 2013-08-09 20:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-11 09:05 - 2012-03-30 00:27 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-11 08:53 - 2013-09-11 08:46 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-11 08:53 - 2013-02-10 09:06 - 00000000 __SHD C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-09-11 08:53 - 2010-08-03 17:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2013-09-11 08:53 - 2009-10-12 09:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2013-09-11 08:53 - 2009-04-10 16:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2013-09-11 08:53 - 2009-04-03 16:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2013-09-11 08:49 - 2013-09-11 08:49 - 00001747 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2013-09-11 08:49 - 2013-09-11 08:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2014
2013-09-11 08:49 - 2012-01-28 15:55 - 00000000 ____D C:\Documents and Settings\Barbara\Application Data\AVG
2013-09-11 08:46 - 2013-02-10 09:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2013-09-11 08:36 - 2013-09-11 08:36 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-11 08:36 - 2013-09-11 08:36 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-09-11 08:36 - 2013-09-11 08:36 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-11 08:36 - 2013-09-11 08:36 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 08:36 - 2013-09-11 08:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-11 08:36 - 2012-06-08 02:45 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-11 08:36 - 2010-05-25 19:06 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-10 13:41 - 2013-09-10 13:41 - 00000738 _____ C:\Documents and Settings\Barbara\Start Menu\PokerStars.lnk
2013-09-10 13:41 - 2013-09-10 13:41 - 00000000 ____D C:\Documents and Settings\Barbara\Start Menu\Programs\PokerStars
2013-09-10 01:34 - 2011-12-23 13:32 - 00022328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
2013-09-09 09:40 - 2013-09-11 08:50 - 00035640 _____ (AVG) C:\WINDOWS\system32\uxtuneup.dll
2013-09-09 09:40 - 2013-09-11 08:49 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2013-09-05 01:43 - 2011-09-13 07:30 - 00039224 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2013-08-29 06:43 - 2013-08-29 06:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
 
ZeroAccess:
C:\Documents and Settings\Barbara\Local Settings\Application Data\{ebc8304c-8e2f-4737-c9b3-76598667dd8e}
C:\Documents and Settings\Barbara\Local Settings\Application Data\{ebc8304c-8e2f-4737-c9b3-76598667dd8e}\@
 
Files to move or delete:
====================
C:\Documents and Settings\Barbara\jobq.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-09-2013
Ran by Barbara at 2013-09-22 00:05:59
Running from C:\temp\farbar
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs ======================
 
7-Zip 9.20
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.156)
AVG PC TuneUp 2014 (Version: 14.0.1001.156)
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 5.1
Canon MX430 series MP Drivers
Canon MX430 series On-screen Manual
Canon MX430 series User Registration
Canon My Printer
Canon Solution Menu EX
Choice Guard (Version: 1.2.87.0)
Dell DataSafe Online (Version: 1.2.0009)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Support Software) (Version: 2.2.08335)
Digital Voice Editor 3 (Version: 3.3.01.11240)
FamilySearch Indexing 3.13.1 (Version: 3.13.1)
Google Earth (Version: 7.1.1.1888)
Google Talk Plugin (Version: 4.6.2.15096)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4413.1752)
Google Updater (Version: 2.4.2432.1652)
GoToAssist 8.0.0.514
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
iTunes (Version: 11.0.5.5)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.0 (Version: 2.1.0)
Junk Mail filter update (Version: 14.0.8050.1202)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 2.0.31005.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 17.0.8 (x86 en-US) (Version: 17.0.8)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
PokerStars
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver
RootsMagic 5.0.4.1
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Segoe UI (Version: 14.0.4327.805)
Uninstall FamilySearch Indexing
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sign-in Assistant (Version: 5.000.817.1)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation (Version: 3.0.6920.0)
XML Paper Specification Shared Components Pack 1.0
 
==================== Restore Points  =========================
 
23-06-2013 16:32:56 System Checkpoint
25-06-2013 13:51:40 System Checkpoint
26-06-2013 15:12:56 System Checkpoint
27-06-2013 18:21:23 System Checkpoint
02-07-2013 10:41:30 System Checkpoint
03-07-2013 22:19:51 System Checkpoint
04-07-2013 23:46:02 System Checkpoint
06-07-2013 16:31:53 System Checkpoint
07-07-2013 21:34:56 System Checkpoint
09-07-2013 00:26:04 System Checkpoint
10-07-2013 10:37:07 System Checkpoint
11-07-2013 11:24:34 Software Distribution Service 3.0
12-07-2013 21:43:11 System Checkpoint
14-07-2013 02:39:27 System Checkpoint
14-07-2013 11:20:14 Software Distribution Service 3.0
15-07-2013 13:43:11 System Checkpoint
17-07-2013 03:09:35 System Checkpoint
18-07-2013 16:02:07 System Checkpoint
19-07-2013 17:49:51 System Checkpoint
20-07-2013 22:22:42 System Checkpoint
21-07-2013 23:46:46 System Checkpoint
22-07-2013 23:59:19 System Checkpoint
24-07-2013 04:16:22 System Checkpoint
25-07-2013 17:15:36 System Checkpoint
26-07-2013 19:07:19 System Checkpoint
28-07-2013 04:21:41 System Checkpoint
29-07-2013 11:30:09 System Checkpoint
31-07-2013 14:07:16 System Checkpoint
02-08-2013 10:45:50 System Checkpoint
05-08-2013 15:43:45 System Checkpoint
07-08-2013 23:52:46 System Checkpoint
10-08-2013 02:06:38 System Checkpoint
11-08-2013 14:06:21 System Checkpoint
12-08-2013 18:32:47 System Checkpoint
13-08-2013 19:34:13 System Checkpoint
14-08-2013 21:20:58 System Checkpoint
15-08-2013 11:05:30 Software Distribution Service 3.0
16-08-2013 16:41:25 System Checkpoint
20-08-2013 02:33:47 System Checkpoint
22-08-2013 13:36:57 System Checkpoint
23-08-2013 16:03:58 System Checkpoint
24-08-2013 20:38:11 System Checkpoint
26-08-2013 16:28:10 System Checkpoint
27-08-2013 20:06:39 System Checkpoint
29-08-2013 03:42:51 System Checkpoint
29-08-2013 10:43:12 Software Distribution Service 3.0
30-08-2013 18:14:59 System Checkpoint
02-09-2013 17:50:57 System Checkpoint
04-09-2013 01:57:17 System Checkpoint
05-09-2013 04:52:00 System Checkpoint
06-09-2013 18:19:12 System Checkpoint
08-09-2013 15:46:34 System Checkpoint
09-09-2013 20:43:41 System Checkpoint
10-09-2013 23:00:38 System Checkpoint
11-09-2013 12:35:48 Removed Java 7 Update 4
11-09-2013 12:36:09 Installed Java 7 Update 40
11-09-2013 12:47:26 Installed AVG PC TuneUp 2014
11-09-2013 15:02:07 Removed WinZip 17.5
11-09-2013 15:08:33 Installed Windows XP KB942288-v3.
11-09-2013 15:12:12 Installed Nero BurningROM 12.
11-09-2013 15:22:42 Removed Nero BurningROM 12.
11-09-2013 23:19:20 Software Distribution Service 3.0
13-09-2013 15:17:27 System Checkpoint
15-09-2013 16:49:11 System Checkpoint
16-09-2013 18:09:42 System Checkpoint
18-09-2013 10:40:35 System Checkpoint
19-09-2013 15:40:18 System Checkpoint
20-09-2013 16:24:27 System Checkpoint
20-09-2013 21:48:13 Restore Operation
20-09-2013 21:50:00 Restore Operation
20-09-2013 21:51:50 Restore Operation
20-09-2013 21:53:55 Restore Operation
 
==================== Hosts content: ==========================
 
2008-04-25 12:16 - 2013-09-21 19:01 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job => C:\Documents and Settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-04-25 12:16 - 2008-04-14 08:00 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime
2009-02-20 09:01 - 2009-02-20 09:01 - 00010536 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
2013-09-11 08:50 - 2013-09-09 09:40 - 00035640 _____ (AVG) c:\windows\system32\uxtuneup.dll
2008-04-25 17:26 - 2008-04-14 08:00 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbem\wbemcons.dll
2012-12-03 18:47 - 2011-09-21 06:00 - 00257536 _____ (CANON INC.) C:\WINDOWS\system32\CNCALB1.DLL
2012-12-03 18:47 - 2011-11-03 06:00 - 00311296 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB1.DLL
2012-12-03 18:47 - 2011-08-16 04:30 - 00363520 _____ (CANON INC.) C:\WINDOWS\system32\CNMNPPM.DLL
2012-12-03 18:47 - 2011-11-03 06:00 - 00029184 _____ (CANON INC.) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPDB1.DLL
2008-04-25 17:38 - 2008-07-06 08:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll
2009-02-20 08:58 - 2006-10-26 21:56 - 00033104 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files\Dell DataSafe Online\cpputils.dll
2013-09-09 09:40 - 2013-09-09 09:40 - 00032056 _____ (AVG) C:\Program Files\AVG\AVG PC TuneUp\SDShelEx-win32.dll
2013-09-09 09:40 - 2013-09-09 09:40 - 00501560 _____ () C:\Program Files\AVG\AVG PC TuneUp\avgreplibx.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.dll
2008-11-03 11:54 - 2008-11-03 11:54 - 00058608 _____ () C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00338160 _____ (TODO: <Company name>) C:\Program Files\Dell DataSafe Online\OlbEng.dll
2009-11-13 17:57 - 2009-11-13 17:57 - 01441792 _____ (SwapDrive, Inc.) C:\Program Files\Dell DataSafe Online\BuEng.dll
2012-12-03 18:47 - 2011-11-03 06:00 - 00638464 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDRB1.DLL
2012-12-03 18:47 - 2011-11-03 06:00 - 03535360 _____ (CANON INC.) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUIB1.DLL
 
==================== Alternate Data Streams (whitelisted) ======
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
Error: (09/21/2013 06:59:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
 
 
System errors:
=============
Error: (09/21/2013 11:58:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MRxSmb
 
Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error: 
%%1066
 
Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).
 
Error: (09/21/2013 11:58:03 PM) (Source: Workstation) (User: )
Description: Could not load RDR device driver.
 
Error: (09/21/2013 11:58:03 PM) (Source: Workstation) (User: )
Description: Could not load MRxSmb device driver.
 
Error: (09/21/2013 07:03:20 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MRxSmb
 
Error: (09/21/2013 07:03:20 PM) (Source: Service Control Manager) (User: )
Description: The SharedAccess service hung on starting.
 
Error: (09/21/2013 07:01:17 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error: 
%%2
 
Error: (09/21/2013 07:01:17 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (03/03/2010 06:33:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 2037.1 MB
Available physical RAM: 1505.39 MB
Total Pagefile: 3929 MB
Available Pagefile: 3412.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.36 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:270.18 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (sysrcd-3.0.0) (CDROM) (Total:0.34 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
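Reading a log this long by eye is how things get missed, so here is the triage I would run over the "System errors" block above before deciding what to fix. This is an added example for this thread, not FRST code and not from the original poster: it embeds a constructed excerpt modelled on the entries shown above so it runs offline, and the Win32 codes FRST leaves as %%N (2 = ERROR_FILE_NOT_FOUND, 5 = ERROR_ACCESS_DENIED, 1066 = ERROR_SERVICE_SPECIFIC_ERROR) are the standard values. The bucket names and regexes are this example's own. The pattern worth flagging in this particular log is the Service Control Manager getting access denied on ScRegSetValueExW alongside the hang of SharedAccess (the XP firewall/ICS service): ZeroAccess is known for stripping permissions on service registry keys (BFE and the firewall service on newer Windows are the documented cases), and an SCM that can no longer write a service key fits that. The parser only surfaces the pattern; confirming it means inspecting the key ACLs on the machine.

```python
"""Triage the 'System errors' block of an FRST Addition.txt log.

Added example for this thread, not FRST code and not from the original poster.
SAMPLE_LOG is a constructed excerpt modelled on the entries shown above so the
script runs offline; point parse_entries() at a real Addition.txt to use it.
"""
import re

# Standard Win32 error codes that FRST leaves in the raw %%N form.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1066: "ERROR_SERVICE_SPECIFIC_ERROR",
}

SAMPLE_LOG = """\
System errors:
=============
Error: (09/21/2013 11:58:41 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MRxSmb

Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The vToolbarUpdater15.5.0 service failed to start due to the following error:
%%2

Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1066

Error: (09/21/2013 11:58:40 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated with service-specific error 2250 (0x8CA).

Error: (09/21/2013 07:03:20 PM) (Source: Service Control Manager) (User: )
Description: The SharedAccess service hung on starting.

Error: (09/21/2013 07:01:17 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5
"""

ENTRY_RE = re.compile(
    r"Error: \((?P<ts>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(User: [^)]*\)\s*"
    r"Description: (?P<desc>.*)",
    re.S,
)
DRIVER_FAIL = re.compile(r"driver\(s\) failed to load: (?P<names>.+)")
DEP_FAIL = re.compile(r"depends on the (?P<svc>.+?) service which failed to start")
SVC_FAIL = re.compile(r"The (?P<svc>.+?) service (?:failed to start|terminated|hung)")
WIN32_CODE = re.compile(r"%%(?P<code>\d+)")
SPECIFIC_CODE = re.compile(r"service-specific error (?P<code>\d+)")


def parse_entries(text):
    """Split the block on blank lines and pull (timestamp, source, description)."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text):
        m = ENTRY_RE.search(block)
        if m:
            entries.append({
                "ts": m["ts"],
                "source": m["source"],
                # Descriptions wrap onto a second line; collapse whitespace.
                "desc": " ".join(m["desc"].split()),
            })
    return entries


def error_code(desc):
    """Return (code, label): a %%N Win32 code, a service-specific code, or (None, None)."""
    if m := WIN32_CODE.search(desc):
        code = int(m["code"])
        return code, WIN32_ERRORS.get(code, "unmapped Win32 error")
    if m := SPECIFIC_CODE.search(desc):
        return int(m["code"]), "service-specific error"
    return None, None


def triage(entries):
    """Group Service Control Manager failures into the buckets a responder checks first."""
    findings = {"drivers_not_loaded": [], "services_failed": [], "scm_access_denied": []}
    for e in entries:
        desc = e["desc"]
        code, label = error_code(desc)
        if m := DRIVER_FAIL.search(desc):
            findings["drivers_not_loaded"].extend(m["names"].split())
        elif m := (DEP_FAIL.search(desc) or SVC_FAIL.search(desc)):
            findings["services_failed"].append((m["svc"], code, label))
        elif code == 5 and "ScRegSetValueExW" in desc:
            # SCM could not write a service key: consistent with damaged key ACLs.
            findings["scm_access_denied"].append(e["ts"])
    return findings


def report(text):
    """Human-readable lines for a pasted log block."""
    f = triage(parse_entries(text))
    lines = [f"drivers not loaded: {', '.join(f['drivers_not_loaded']) or 'none'}"]
    for svc, code, label in f["services_failed"]:
        lines.append(f"service failed: {svc} ({label} {code})" if code is not None
                     else f"service failed: {svc}")
    for ts in f["scm_access_denied"]:
        lines.append(f"SCM access denied writing a service key at {ts}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On this log the output names MRxSmb (the SMB redirector the Workstation service depends on, which explains the Workstation and Computer Browser failures), the missing vToolbarUpdater binary, and the one access-denied event. The driver AVG flagged, netbt.sys, is a genuine Windows component, so the companion check on the live machine is to compare its hash and Authenticode signature with a known-good copy from the XP SP3 media rather than to trust or delete it on the AV verdict alone.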

  • Staff

Hello retxab

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Gringo


Attached is the log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-09-2013

Ran by Barbara at 2013-09-22 01:55:18 Run:1
Running from C:\temp\farbar
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
C:\Documents and Settings\Barbara\Local Settings\Application Data\{ebc8304c-8e2f-4737-c9b3-76598667dd8e} 
C:\Documents and Settings\Barbara\jobq.dat 
 
 
 
*****************
 
C:\Documents and Settings\Barbara\Local Settings\Application Data\{ebc8304c-8e2f-4737-c9b3-76598667dd8e}  => Moved successfully.
C:\Documents and Settings\Barbara\jobq.dat  => Moved successfully.
 
==== End of Fixlog ====
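The fixlist above moves a folder named as a bare {GUID} directly under Local Settings\Application Data, which is the location ZeroAccess/Sirefef used for its user-mode component. As an added example (not FRST code and not from the original poster), here is a small hunt for that folder pattern across every profile on a machine, hashing whatever it finds so the files can be checked against AV or VirusTotal before anything is deleted. It runs on a constructed temp-dir tree whose folder name is the one from the fixlist; the placeholder file inside is not a real sample, and the XP profile layout is assumed (on Vista and later the path would be Users\<name>\AppData\Local).

```python
"""Hunt for bare {GUID} folders directly under each user's Local Application Data.

Added example for this thread, not FRST code and not from the original poster.
It builds a throw-away, constructed profile tree in a temp dir (the folder
name below is the one the fixlist moved; the file inside is a placeholder).
"""
import hashlib
import re
import tempfile
from pathlib import Path

# {8-4-4-4-12} hex, braces included, nothing else in the name.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Windows XP profile layout used in this thread; on Vista and later the path is
# Users\<name>\AppData\Local instead (assumption: adjust for the target OS).
LOCAL_APPDATA = Path("Local Settings") / "Application Data"


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            h.update(block)
    return h.hexdigest()


def scan_profiles(profiles_root):
    """Return one finding per {GUID} directory found, with hashes of its files."""
    findings = []
    for user_dir in sorted(p for p in Path(profiles_root).iterdir() if p.is_dir()):
        lad = user_dir / LOCAL_APPDATA
        if not lad.is_dir():
            continue
        for entry in sorted(lad.iterdir()):
            if not (entry.is_dir() and GUID_DIR.match(entry.name)):
                continue
            files = sorted(p for p in entry.rglob("*") if p.is_file())
            findings.append({
                "user": user_dir.name,
                "path": str(entry),
                "files": [(p.relative_to(entry).as_posix(), p.stat().st_size, sha256_file(p))
                          for p in files],
            })
    return findings


def build_sample_tree(root):
    """Constructed XP-style profile tree: one suspicious folder, two benign ones."""
    root = Path(root)
    barbara = root / "Barbara" / LOCAL_APPDATA
    suspect = barbara / "{ebc8304c-8e2f-4737-c9b3-76598667dd8e}"
    suspect.mkdir(parents=True)
    (suspect / "payload.bin").write_bytes(b"constructed placeholder, not a real sample\n")
    (barbara / "Google").mkdir()                      # ordinary vendor folder
    (barbara / "{not-a-guid}").mkdir()                # braces alone do not match
    (root / "Default User").mkdir()                   # profile without the path
    return root


def demo():
    """Build the sample tree, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_profiles(build_sample_tree(tmp))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['user']}: {f['path']}")
        for name, size, digest in f["files"]:
            print(f"  {name}  {size} bytes  sha256={digest}")
```

To use it on a real XP box, call scan_profiles(r"C:\Documents and Settings"). A hit is a lead, not a verdict: legitimate installers also create GUID-named folders (the ComboFix log later in this thread lists one under All Users\Application Data), so check the hashes and the signatures of any executables inside before removing anything, and keep a copy of what you remove.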

  • Staff

Hello retxab

At this time I would like you to run this script for me; it is also a good time to check over the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe


This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running; that may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Here's what I did:

 

1. Turned on machine and booted to windows

2. Avg updated itself and started running a scan.

3. I paused scan and it found two threats: one registry and one system file:  c:\windows\system32\drivers\netbt.sys

4. I am not sure what AVG did with the registry entry. AVG could not clean file mentioned above

5. Disabled AVG

6. Then created the file and dragged onto combofix

7. Rebooted machine and regression: no internet--network icon appeared with the message acquiring network address

 

Attached is the combofix log

 

 ComboFix 13-09-22.01 - Barbara 09/22/2013  18:24:45.3.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2037.1302 [GMT -4:00]
Running from: c:\temp\ComboFix.exe
Command switches used :: c:\temp\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-22 to 2013-09-22  )))))))))))))))))))))))))))))))
.
.
2013-09-22 03:59 . 2013-09-22 03:59 -------- d-----w- C:\FRST
2013-09-21 07:40 . 2013-09-21 07:40 -------- d-----w- c:\windows\ERUNT
2013-09-21 06:08 . 2013-09-21 07:39 -------- d-----w- C:\AdwCleaner
2013-09-21 01:28 . 2013-09-21 01:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Avg2013
2013-09-20 23:41 . 2013-09-20 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-20 23:41 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 19:34 . 2013-09-22 22:24 -------- d---a-w- C:\temp
2013-09-19 18:47 . 2013-09-19 18:47 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\program files\iPod
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\program files\iTunes
2013-09-12 00:22 . 2013-09-12 00:22 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-12 00:18 . 2013-09-12 00:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-12 00:18 . 2013-09-12 00:18 -------- d-----w- c:\program files\QuickTime
2013-09-11 15:17 . 2013-09-11 15:17 -------- d-----w- c:\documents and settings\Barbara\Application Data\Nero
2013-09-11 15:12 . 2013-09-11 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2013-09-11 14:48 . 2013-09-11 14:48 -------- d-----w- c:\documents and settings\Barbara\Application Data\Roxio
2013-09-11 14:34 . 2013-09-11 14:34 -------- d-----w- c:\documents and settings\Barbara\Application Data\licenses
2013-09-11 14:34 . 2013-09-11 14:35 -------- d-----w- c:\documents and settings\Barbara\Application Data\PCMM2009
2013-09-11 14:34 . 2013-09-11 14:34 -------- d-----w- c:\documents and settings\Barbara\Application Data\PCMM2013
2013-09-11 14:34 . 2013-09-11 14:36 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\PC MightyMax 2013
2013-09-11 12:50 . 2013-09-09 13:40 35640 ----a-w- c:\windows\system32\uxtuneup.dll
2013-09-11 12:49 . 2013-09-09 13:40 36152 ----a-w- c:\windows\system32\TURegOpt.exe
2013-09-11 12:46 . 2013-09-11 12:53 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-09-11 12:36 . 2013-09-11 12:36 -------- d-----w- c:\program files\Common Files\Java
2013-09-11 12:36 . 2013-09-11 12:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-11 12:36 . 2013-09-11 12:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 14:43 . 2012-04-10 20:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 14:43 . 2011-06-04 02:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 12:36 . 2012-06-08 06:45 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-11 12:36 . 2010-05-25 23:06 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-10 05:34 . 2011-12-23 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 05:43 . 2011-09-13 11:30 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-14 21:13 . 2012-09-03 11:58 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-08-09 01:56 . 2008-04-25 16:16 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-25 16:16 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-25 16:16 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-25 16:16 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-25 16:16 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-25 16:16 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 18:18 . 2006-10-19 01:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-20 05:51 . 2012-08-09 17:56 246072 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-07-20 05:50 . 2012-04-19 08:50 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-07-20 05:50 . 2011-12-23 17:32 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 05:50 . 2011-10-07 11:23 171320 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2008-04-25 16:16 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-25 16:16 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-01 05:45 . 2011-08-08 11:08 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-10 00:54 . 2013-08-10 00:54 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 18:01 . 2013-08-10 00:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-02-20 13:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8/9/2012 1:56 PM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 7:30 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 7:23 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 2:14 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 7:58 AM 37664]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [9/9/2013 9:40 AM 1740088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [8/21/2013 7:53 PM 12320]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 gupdate1c9e3ab5e358b90;Google Update Service (gupdate1c9e3ab5e358b90);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 1:55 PM 133104]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [10/23/2011 8:20 AM 11264]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys --> c:\docume~1\Barbara\LOCALS~1\Temp\mfe_rr.sys [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:43]
.
2013-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 12:18]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 17:55]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 17:55]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005Core.job
- c:\documents and settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-22 17:22]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2821682522-1311732649-3067762728-1005UA.job
- c:\documents and settings\Barbara\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-12-22 17:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Barbara\Application Data\Mozilla\Firefox\Profiles\jo5flxg6.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 18:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(136)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-09-22  18:32:12
ComboFix-quarantined-files.txt  2013-09-22 22:32
ComboFix2.txt  2013-09-21 23:05
.
Pre-Run: 290,298,781,696 bytes free
Post-Run: 290,284,318,720 bytes free
.
- - End Of File - - 3B7650218DE1159E04B660D7164F6B59
CDB4DE4BBD714F152979DA2DCBEF57EB

  • Staff

Hello

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Gringo

Attached is the log

 

Farbar Service Scanner Version: 13-09-2013

Ran by Barbara (administrator) on 22-09-2013 at 22:40:19
Running from "C:\temp"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of NetBt. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of NetBt. The value does not exist.
 
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-04-25 12:16] - [2008-04-14 08:00] - 0162816 ____A () D059DA3E533E70D50F41C78766EED6AA
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys IS INFECTED.
 
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Avgtdix(10) Gpc(6) IPSec(4) PSched(7) Tcpip(3) 
0x0B0000000400000001000000020000000300000009000000080000000A0000000500000006000000070000000B000000
IpSec Tag value is correct.
 
**** End of log ****
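The FSS log above is what points the staff at netbt.sys: the NetBt service has lost its Start and ImagePath registry values, and the driver's MD5 is not on the scanner's known-good list. The following parser is an added example (not part of the thread and not Farbar's code) that pulls exactly those findings out of an FSS "Internet Services" and "File Check" section; the sample log text is a constructed excerpt of the log posted above, and the line patterns are assumptions based on that excerpt.

```python
import re

# Constructed excerpt of the Farbar Service Scanner (FSS) log posted in the
# thread above; service names, path, size and MD5 are the ones the log shows.
SAMPLE_FSS_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

NetBt Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of NetBt. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of NetBt. The value does not exist.

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-04-25 12:16] - [2008-04-14 08:00] - 0162816 ____A () D059DA3E533E70D50F41C78766EED6AA

ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys IS INFECTED.

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
"""

# Line shapes as they appear in the excerpt (assumed to hold for other FSS logs).
SERVICE_DOWN_RE = re.compile(r"^(?P<name>\w+) Service is not running\.")
SERVICE_ATTN_RE = re.compile(r"^Checking (?P<what>[^:]+): ATTENTION!=====> (?P<msg>.+)$")
FILE_OK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+) => MD5 is legit$")
FILE_PATH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S+)$")
FILE_DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \(\) (?P<md5>[0-9A-Fa-f]{32})$"
)
FILE_INFECTED_RE = re.compile(r"^ATTENTION!=====> (?P<path>[A-Za-z]:\\\S+) IS INFECTED\.$")


def parse_fss(text):
    """Walk an FSS log and return a list of findings (dicts with a 'kind' key)."""
    findings = []
    current_service = None   # service whose "Checking ..." lines we are inside
    pending_path = None      # File Check entry whose detail line comes next
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current_service = None   # a blank line ends a service block
            continue
        m = SERVICE_DOWN_RE.match(line)
        if m:
            current_service = m.group("name")
            findings.append({"kind": "service_not_running", "service": current_service})
            continue
        m = SERVICE_ATTN_RE.match(line)
        if m and current_service:
            # Start type / ImagePath missing: the service cannot be started at all
            findings.append({"kind": "service_config_missing", "service": current_service,
                             "field": m.group("what"), "detail": m.group("msg")})
            continue
        m = FILE_INFECTED_RE.match(line)
        if m:
            findings.append({"kind": "file_infected", "path": m.group("path")})
            continue
        if FILE_OK_RE.match(line):
            continue   # hash matched the scanner's known-good list
        m = FILE_PATH_RE.match(line)
        if m:
            pending_path = m.group("path")   # FSS prints the details on the next line
            continue
        m = FILE_DETAIL_RE.match(line)
        if m and pending_path:
            # hash not on the known-good list: keep size, timestamp and MD5 for triage
            findings.append({"kind": "file_unverified", "path": pending_path,
                             "size": int(m.group("size")), "md5": m.group("md5").upper(),
                             "modified": m.group("modified")})
            pending_path = None
    return findings


def services_with_missing_config(findings):
    return sorted({f["service"] for f in findings if f["kind"] == "service_config_missing"})


def flagged_files(findings):
    return sorted({f["path"] for f in findings
                   if f["kind"] in ("file_unverified", "file_infected")})


if __name__ == "__main__":
    for finding in parse_fss(SAMPLE_FSS_LOG):
        print(finding)
```

Run against the excerpt, the parser returns the two stopped services, the two missing NetBt registry values, and netbt.sys both as "unverified" (with its size and MD5 for comparison against a trusted copy) and as "infected"; Dhcp is stopped but its configuration is intact, which is consistent with it merely depending on the broken NetBt driver.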

  • Staff

Hello

I would like to run this next to search for some files on the computer.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
netbt.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo


Gringo

 

Attached is the log

 

 SystemLook 30.07.11 by jpshortstuff

Log created at 00:39 on 23/09/2013 by Barbara
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "netbt.sys"
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [16:16 25/04/2008] [12:00 14/04/2008] D059DA3E533E70D50F41C78766EED6AA
 
-= EOF =-

  • Staff

Hello

I have changed the search some, so I want you to rerun it.

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
netbt.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Gringo


Gringo

 

Here is the log

 

 SystemLook 30.07.11 by jpshortstuff

Log created at 01:45 on 23/09/2013 by Barbara
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "netbt.*"
C:\I386\NETBT.SY_ --a--c- 90332 bytes [16:12 25/04/2008] [12:00 14/04/2008] 5283D951FE9596543E17457B6BAE87F9
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [16:16 25/04/2008] [12:00 14/04/2008] D059DA3E533E70D50F41C78766EED6AA
 
-= EOF =-
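The widened netbt.* search above turns up a second copy of the driver, C:\I386\NETBT.SY_, next to the installed C:\WINDOWS\system32\drivers\netbt.sys. As an added example (not part of the thread and not SystemLook's code), the script below parses both SystemLook filefind results and works out how the copies relate: the trailing underscore is the Windows setup convention for a makecab-compressed source file, so its size and MD5 cannot be compared with the installed driver until it is expanded, while the identical modification stamps show the two copies claim the same origin. The sample text is constructed from the logs posted above, and the SystemLook line pattern is an assumption based on those lines.

```python
import re

# Constructed from the two SystemLook "filefind" results posted in the thread.
SAMPLE_FILEFIND = r"""
========== filefind ==========

Searching for "netbt.*"
C:\I386\NETBT.SY_ --a--c- 90332 bytes [16:12 25/04/2008] [12:00 14/04/2008] 5283D951FE9596543E17457B6BAE87F9
C:\WINDOWS\system32\drivers\netbt.sys --a---- 162816 bytes [16:16 25/04/2008] [12:00 14/04/2008] D059DA3E533E70D50F41C78766EED6AA

-= EOF =-
"""

# path, attribute flags, size, [created] [modified], MD5 (assumed layout)
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+) (?P<attrs>[-A-Za-z]+) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one record per file line in a SystemLook filefind result."""
    records = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue          # headers, "Searching for", EOF marker
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].upper()
        rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
        # NETBT.SY_ is a makecab-compressed setup source (expands to NETBT.SYS);
        # its bytes on disk are not the driver image, so hash/size differ by design.
        rec["cab_compressed"] = rec["name"].endswith("_")
        records.append(rec)
    return records


def compare_copies(records, base_name):
    """Describe how all copies of one driver (e.g. 'netbt') relate to each other."""
    copies = [r for r in records if r["name"].split(".")[0] == base_name.lower()]
    live = [r["path"] for r in copies if not r["cab_compressed"]]
    cab = [r["path"] for r in copies if r["cab_compressed"]]
    stamps = {r["modified"] for r in copies}
    return {
        "live": live,
        "cab_sources": cab,
        # all copies carry the same modification stamp -> they claim the same origin
        "same_modified_stamp": len(stamps) == 1 and len(copies) > 1,
        # MD5s are only directly comparable between uncompressed images
        "directly_comparable": len(live) > 1,
        "distinct_md5s": sorted({r["md5"] for r in copies}),
    }


if __name__ == "__main__":
    recs = parse_filefind(SAMPLE_FILEFIND)
    print(compare_copies(recs, "netbt"))
```

For the thread's data this reports one live driver, one compressed setup source, matching modification stamps and no directly comparable pair, which is why the hash in the setup copy cannot be read as confirming or refuting the FSS verdict without first expanding it.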

This topic is now closed to further replies.