Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Slow Virus Uninstalled Poorly [Solved]


  • This topic is locked This topic is locked

#1
dtekka

dtekka

    Member

  • Member
  • PipPipPip
  • 174 posts
My friends computer had a virus on it and she had someone fix it. They told me that it has been running extremely slow. I looked at it and it is abnormally slow. When going to web pages it will freeze. The internet connection is great, and I have no problems on my laptop there. Here is a OTL log of the computer. Hopefully its something simple the other person missed?

OTL logfile created on: 10/29/2013 3:30:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Associate\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.49 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 76.30% Memory free
4.34 Gb Paging File | 3.82 Gb Available in Paging File | 87.95% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 13.97 Gb Free Space | 37.50% Space Free | Partition Type: NTFS
Drive S: | 465.76 Gb Total Space | 357.39 Gb Free Space | 76.73% Space Free | Partition Type: NTFS

Computer Name: ASSOCIATE | User Name: Associate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 11:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Associate\Desktop\OTL.exe
PRC - [2013/10/07 19:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/10/01 05:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 05:14:40 | 004,536,672 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013/10/01 05:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 05:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\tv_w32.exe
PRC - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 23:08:30 | 000,895,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/03 22:22:16 | 000,588,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/09/02 11:19:00 | 000,669,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/08/20 23:03:42 | 000,728,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/12 10:11:20 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/04/04 16:49:16 | 029,078,632 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/03 23:30:08 | 000,219,648 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsty.exe
PRC - [2005/11/11 19:30:22 | 000,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2003/07/30 09:08:58 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/06 14:50:42 | 011,483,240 | ---- | M] () -- C:\Documents and Settings\Associate\Application Data\SanDisk\My Backup\dmBackup.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2002/11/26 14:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


========== Services (SafeList) ==========

SRV - [2013/10/17 12:34:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/01 05:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/08/12 10:12:38 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/07/03 12:26:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 12:06:46 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/01 11:57:29 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/25 20:57:14 | 000,120,632 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/09/10 22:11:44 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/08 22:12:16 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/09/02 10:39:32 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/09/02 10:28:06 | 000,145,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/09/02 10:28:04 | 000,209,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/09/02 10:28:00 | 000,223,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/08/20 22:54:04 | 000,102,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/08/01 16:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/02/15 01:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 02:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2004/05/04 10:31:18 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/02/04 11:34:16 | 000,051,584 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2002/04/03 23:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 13:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/17 13:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{170CD3DF-E0A4-4BFA-A26A-99A9A0F4B0F4}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {170CD3DF-E0A4-4BFA-A26A-99A9A0F4B0F4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{170CD3DF-E0A4-4BFA-A26A-99A9A0F4B0F4}: "URL" = http://www.google.co...1I7GZAG_enUS427
IE - HKCU\..\SearchScopes\{645701DB-0A59-AE3F-8D62-BAA040AFB663}: "URL" = http://www.bing.com/...007&form=ZGAIDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/11 09:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/20 10:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Associate\Application Data\Mozilla\Extensions
[2013/10/29 13:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\extensions
[2013/10/15 09:51:18 | 000,003,669 | ---- | M] () -- C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
[2013/10/29 12:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 12:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 12:27:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/24 15:43:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2013/10/29 13:30:22 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe (DameWare Development)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SanDisk_Button_Manager.exe] C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe (Gemalto N.V.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264374151578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{883D7199-25FF-405D-9BC7-2A9829E235F2}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: \\File_server\S\Salek Law Desktop.bmp
O24 - Desktop BackupWallPaper: \\File_server\S\Salek Law Desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 14:24:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/29 14:24:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/29 14:24:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/29 14:24:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/29 14:24:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/10/29 14:00:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/29 14:00:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/29 13:56:09 | 005,137,551 | R--- | C] (Swearware) -- C:\Documents and Settings\Associate\Desktop\ComboFix.exe
[2013/10/29 13:54:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Associate\Recent
[2013/10/29 13:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Associate\Desktop\RK_Quarantine
[2013/10/29 13:08:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/29 12:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Associate\Application Data\Malwarebytes
[2013/10/29 12:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/29 12:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/29 12:19:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/29 12:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/29 12:06:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/29 11:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Associate\Desktop\tools
[2013/10/29 11:26:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Associate\Desktop\OTL.exe
[2013/10/29 11:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
[2013/10/29 11:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/10/21 10:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/30 14:30:17 | 027,795,880 | ---- | C] (SUPERAntiSpyware) -- C:\Documents and Settings\Associate\My Documents\SUPERAntiSpywarePro.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 15:34:32 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/10/29 15:34:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/29 15:25:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/29 15:24:53 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 15:24:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/29 15:10:32 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 14:55:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005UA.job
[2013/10/29 13:56:27 | 005,137,551 | R--- | M] (Swearware) -- C:\Documents and Settings\Associate\Desktop\ComboFix.exe
[2013/10/29 13:36:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/10/29 12:19:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/29 12:09:45 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/29 11:26:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Associate\Desktop\OTL.exe
[2013/10/29 11:21:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/10/29 11:08:31 | 000,000,426 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/10/29 10:52:18 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
[2013/10/28 16:55:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Associate\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (2).lnk
[2013/10/21 10:36:37 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2013/10/18 09:32:09 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Associate\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/10/17 17:14:04 | 000,474,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/17 17:14:04 | 000,084,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/17 16:59:45 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/15 09:55:32 | 000,003,669 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/03 11:33:27 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Associate\Desktop\Microsoft Office Excel 2003.lnk
[2013/10/02 19:55:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005Core.job
[2013/10/01 11:57:29 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/09/30 14:59:15 | 000,210,804 | ---- | M] () -- C:\Documents and Settings\Associate\My Documents\cc_20130930_145851.reg
[2013/09/30 14:30:32 | 027,795,880 | ---- | M] (SUPERAntiSpyware) -- C:\Documents and Settings\Associate\My Documents\SUPERAntiSpywarePro.exe
[2013/09/30 14:25:29 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/29 14:24:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/29 14:24:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/29 14:24:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/29 14:24:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/29 14:24:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/29 12:19:12 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/29 11:21:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
[2013/10/17 17:09:37 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/30 14:58:56 | 000,210,804 | ---- | C] () -- C:\Documents and Settings\Associate\My Documents\cc_20130930_145851.reg
[2013/07/24 09:52:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Associate\Application Data\BNCLI.DLL
[2013/07/18 15:32:33 | 000,003,669 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/04/04 16:48:05 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Associate\Application Data\.backup.dm
[2012/04/17 13:38:43 | 000,016,991 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2012/04/17 13:25:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2012/02/16 09:21:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/01/23 22:20:39 | 000,002,758 | -H-- | C] () -- C:\Documents and Settings\Associate\Local Settings\Application Data\intuy.iru

========== ZeroAccess Check ==========

[2009/07/24 10:38:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/21 22:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/25 12:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/08/27 10:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/09/27 10:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/09/27 10:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/07/16 11:12:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/30 14:59:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2013/10/29 10:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/29 12:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/01/24 13:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/07/16 11:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/07/01 13:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\.oit
[2013/07/16 12:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\AVG SafeGuard toolbar
[2013/09/27 10:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\AVG2014
[2013/04/02 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/11/30 14:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\DraftSight
[2013/04/02 11:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\PDAppFlex
[2013/10/08 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\SanDisk
[2013/04/02 12:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\SolidDocuments
[2011/10/11 10:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\SumatraPDF
[2012/10/26 13:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\Tabs3
[2013/07/16 12:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\TuneUp Software
[2013/07/15 12:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\Voza
[2010/12/02 15:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\WhiteSmokeSetup
[2010/12/09 09:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Associate\Application Data\WhiteSmokeTranslator

========== Purity Check ==========



< End of report >

Edited by dtekka, 29 October 2013 - 04:46 PM.

  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dtekka,

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it makes also another log (Addition.txt). Please also paste that into your reply.

  • 0

#3
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Associate (administrator) on ASSOCIATE on 18-11-2013 23:16:10
Running from C:\Documents and Settings\Associate\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(Gemalto N.V.) C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(TeamViewer GmbH) c:\program files\teamviewer\version8\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [219648 2006-01-03] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2005-11-11] (Brother Industries, Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SanDisk_Button_Manager.exe] - C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe [29078632 2013-04-04] (Gemalto N.V.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (Poppit) - C:\DOCUME~1\ASSOCI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [209208 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [145720 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27448 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-01] (AVG Technologies)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [51584 2004-02-04] (Broadcom Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-17] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-17] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-03] (LSI Logic)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-18 23:16 - 2013-11-18 23:16 - 00014989 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:52 - 2013-11-13 16:53 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:51 - 2013-11-13 16:53 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:51 - 2013-11-13 16:52 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 10:21 - 2013-11-13 16:52 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:24 - 2013-10-29 13:25 - 00000000 ___SD C:\ComboFix
2013-10-29 13:24 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-29 13:24 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-29 13:24 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-29 13:00 - 2013-10-29 13:24 - 00000000 ____D C:\Qoobox
2013-10-29 13:00 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-29 11:06 - 2013-10-29 11:08 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:52 - 2013-10-29 15:10 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-21 09:36 - 2013-10-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2013-11-18 23:16 - 2013-11-18 23:16 - 00014989 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-18 23:13 - 2009-07-24 09:14 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-18 23:10 - 2013-07-03 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-18 23:10 - 2011-04-11 08:48 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-18 22:55 - 2011-04-07 14:45 - 00000994 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005UA.job
2013-11-18 22:34 - 2012-07-09 08:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-18 19:55 - 2011-04-07 14:45 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005Core.job
2013-11-18 19:25 - 2004-08-09 13:00 - 01470073 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-18 17:47 - 2013-07-16 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-18 12:38 - 2013-10-17 16:09 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-18 12:22 - 2011-08-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-18 12:22 - 2011-04-11 08:48 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 12:22 - 2009-07-24 09:14 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-18 12:22 - 2009-07-24 09:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-18 12:21 - 2010-01-23 21:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-18 12:21 - 2004-08-10 10:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-18 09:52 - 2013-04-04 15:50 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\SanDisk
2013-11-15 18:18 - 2010-01-23 21:20 - 00000278 ___SH C:\Documents and Settings\Associate\ntuser.ini
2013-11-15 18:18 - 2009-07-24 09:09 - 00032362 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-15 09:10 - 2004-08-09 12:44 - 00569878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:53 - 2013-11-13 16:52 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:53 - 2013-11-13 16:51 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:52 - 2013-11-13 16:51 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 16:52 - 2013-11-13 10:21 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-11-13 16:51 - 2010-01-24 13:53 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 16:50 - 2013-08-14 16:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:47 - 2010-01-24 13:50 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 16:46 - 2010-01-23 21:20 - 00000000 ____D C:\Documents and Settings\Associate
2013-10-29 15:10 - 2013-10-29 10:52 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:25 - 2013-10-29 13:24 - 00000000 ___SD C:\ComboFix
2013-10-29 13:24 - 2013-10-29 13:00 - 00000000 ____D C:\Qoobox
2013-10-29 13:00 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:35 - 2013-07-16 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:43 - 2010-01-24 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:13 - 2010-01-24 12:00 - 00068840 ____C C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-29 11:09 - 2004-08-09 12:40 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 11:08 - 2013-10-29 11:06 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-29 10:08 - 2010-01-24 12:53 - 00000426 ____C C:\WINDOWS\BRWMARK.INI
2013-10-29 09:52 - 2010-11-30 13:59 - 00002531 _____ C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
2013-10-29 09:42 - 2010-02-22 09:54 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Google
2013-10-21 09:36 - 2013-10-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-21 09:35 - 2013-07-16 11:00 - 00000000 ___HD C:\$AVG

Some content of TEMP:
====================
C:\Documents and Settings\Associate\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Associate\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#4
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-11-2013
Ran by Associate at 2013-11-18 23:17:41
Running from C:\Documents and Settings\Associate\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 8.1.4)
Adobe AIR (Version: 3.0.0.4080)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Akamai NetSession Interface Service
AVG 2014 (Version: 14.0.3629)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
AVG SafeGuard toolbar (Version: 17.0.1.12)
Broadcom Management Programs (Version: 7.58.01)
Brother MFL-Pro Suite (Version: 1.00.000)
CCleaner (Version: 4.07)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DameWare Mini Remote Control Client Agent Service (Version: 6.7.0.9)
DraftSight (Version: 8.0.1713)
E-Transcript Bundle Viewer (Version: 5.0.2.132)
Google Chrome (HKCU Version: 11.0.696.60)
Google Toolbar for Firefox (Version: 7.1.20101113)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
HP Help and Support (Version: 3.100.6.1)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4396)
Java 2 Runtime Environment, SE v1.4.2_03 (Version: 1.4.2_03)
king.com (remove only)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 14.0.1468.721)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PaperPort (Version: 9.02.0827)
PDF Complete
SanDisk_Button_Manager.exe (HKCU Version: 1.0.0)
Segoe UI (Version: 14.0.4327.805)
Software Setup
SoundMAX (Version: 5.12.01.4070)
swMSM (Version: 12.0.0.1)
Tabs3/PracticeMaster Local Installation (Version: 16)
TeamViewer 8 (Version: 8.0.22298)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8098.930)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points =========================

07-10-2013 16:50:36 Software Distribution Service 3.0
07-10-2013 18:48:20 Software Distribution Service 3.0
09-10-2013 17:27:01 Software Distribution Service 3.0
09-10-2013 19:05:55 Software Distribution Service 3.0
11-10-2013 16:50:36 Software Distribution Service 3.0
11-10-2013 19:07:09 Software Distribution Service 3.0
15-10-2013 17:00:09 Software Distribution Service 3.0
15-10-2013 19:02:58 Software Distribution Service 3.0
15-10-2013 23:28:45 Software Distribution Service 3.0
16-10-2013 18:58:53 Software Distribution Service 3.0
17-10-2013 18:17:41 Restore Operation
17-10-2013 18:55:22 Software Distribution Service 3.0
17-10-2013 23:58:45 Software Distribution Service 3.0
18-10-2013 18:56:46 Software Distribution Service 3.0
21-10-2013 17:33:51 Software Distribution Service 3.0
23-10-2013 17:12:47 Software Distribution Service 3.0
23-10-2013 18:50:40 Software Distribution Service 3.0
25-10-2013 17:35:32 Software Distribution Service 3.0
25-10-2013 19:08:30 Software Distribution Service 3.0
28-10-2013 17:04:36 Software Distribution Service 3.0
28-10-2013 18:38:38 Software Distribution Service 3.0
29-10-2013 19:24:02 Software Distribution Service 3.0
30-10-2013 19:23:43 Software Distribution Service 3.0
01-11-2013 16:20:44 Software Distribution Service 3.0
04-11-2013 17:36:44 Software Distribution Service 3.0
04-11-2013 20:31:55 Software Distribution Service 3.0
06-11-2013 17:38:15 Software Distribution Service 3.0
06-11-2013 19:33:11 Software Distribution Service 3.0
08-11-2013 17:31:56 Software Distribution Service 3.0
08-11-2013 19:41:51 Software Distribution Service 3.0
13-11-2013 18:33:29 Software Distribution Service 3.0
14-11-2013 00:47:05 Software Distribution Service 3.0
15-11-2013 17:15:43 Software Distribution Service 3.0
15-11-2013 20:18:36 Software Distribution Service 3.0
18-11-2013 18:02:35 Software Distribution Service 3.0
18-11-2013 20:40:49 Software Distribution Service 3.0

==================== Hosts content: ==========================

2009-07-24 09:11 - 2013-10-29 12:30 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005Core.job => C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1043594332-3240213967-4197018714-1005UA.job => C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2010-01-24 12:52 - 2002-11-26 13:43 - 00106496 ____N () C:\WINDOWS\system32\BrMuSNMP.dll
2011-04-07 12:43 - 2011-05-06 13:50 - 11483240 _____ () C:\Documents and Settings\Associate\Application Data\SanDisk\My Backup\dmBackup.dll
2004-08-03 23:56 - 2008-04-13 16:11 - 00059904 ____C () C:\WINDOWS\system32\devenum.dll
2004-08-03 23:56 - 2008-04-13 16:11 - 00014336 ____C () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2013 09:30:25 AM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 11.0.8326.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/29/2013 01:24:09 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/29/2013 10:25:08 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8407.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/25/2013 10:10:32 AM) (Source: Application Hang) (User: )
Description: Hanging application WINWORD.EXE, version 11.0.8407.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2013 08:32:40 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile, P4 4.3.219.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/17/2013 04:14:03 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 20688, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (10/17/2013 04:14:02 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (10/17/2013 04:14:02 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 20688, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (10/17/2013 04:14:00 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service ASP.NET_2.0.50727 (ASP.NET_2.0.50727) failed. The
Error code is the first DWORD in Data section.

Error: (10/17/2013 04:14:00 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 20688, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.


System errors:
=============
Error: (11/08/2013 09:21:37 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/29/2013 01:19:29 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (10/29/2013 09:58:11 AM) (Source: Print) (User: ASSOCIATE)
Description: The document https://payments.cha...ransfer/Confirm owned by Associate failed to print on printer Brother MFC-8660DN Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3211264. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ASSOCIATE. Win32 error code returned by the print processor: https://payments.cha...nsfer/Confirm0. https://payments.cha...ansfer/Confirm1

Error: (10/29/2013 09:55:51 AM) (Source: Print) (User: ASSOCIATE)
Description: The document https://payments.cha...ransfer/Confirm owned by Associate failed to print on printer Brother MFC-8660DN Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 3211264. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ASSOCIATE. Win32 error code returned by the print processor: https://payments.cha...nsfer/Confirm0. https://payments.cha...ansfer/Confirm1

Error: (10/25/2013 03:48:34 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/25/2013 11:04:59 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/25/2013 11:04:50 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (10/23/2013 09:02:18 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/18/2013 08:29:49 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (10/17/2013 10:31:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x80070002

Error description: The system cannot find the file specified.

Signature version: 0.0.0.0;0.0.0.0

Engine version: %600


Microsoft Office Sessions:
=========================
Error: (11/06/2013 09:30:25 AM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE11.0.8326.0hungapp0.0.0.000000000

Error: (10/29/2013 01:24:09 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.219.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/29/2013 10:25:08 AM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8407.0hungapp0.0.0.000000000

Error: (10/25/2013 10:10:32 AM) (Source: Application Hang)(User: )
Description: WINWORD.EXE11.0.8407.0hungapp0.0.0.000000000

Error: (10/18/2013 08:32:40 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry2152759308unspecifiedscanfile4.3.219.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (10/17/2013 04:14:03 PM) (Source: LoadPerf)(User: )
Description: 20688

Error: (10/17/2013 04:14:02 PM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (10/17/2013 04:14:02 PM) (Source: LoadPerf)(User: )
Description: 20688

Error: (10/17/2013 04:14:00 PM) (Source: LoadPerf)(User: )
Description: ASP.NET_2.0.50727ASP.NET_2.0.50727

Error: (10/17/2013 04:14:00 PM) (Source: LoadPerf)(User: )
Description: 20688


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2551.43 MB
Available physical RAM: 1724.32 MB
Total Pagefile: 4444.48 MB
Available Pagefile: 3734.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:14.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive s: (SERVER) (Network) (Total:465.76 GB) (Free:358.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 9C879C87)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello dtekka,

Did you install or know about this program:

DameWare Mini Remote Control Client Agent Service (Version: 6.7.0.9)

The reason I ask is because it is a program commonly used by hackers. If it wasn't installed by the owner or with their knowledge then it should be uninstalled.

Secondly

I see you have run ComboFix in the past.

I would like to see what, if anything, it found.

Right click on Start > Explore and navigate to:

:\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and past the contents of the text file back here.

Note: ComboFix.txt are numbered so if there was more than one run for instance you might find C:\Qoobox\ComboFix2.txt. etc.

For now

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

So when you return please post
  • ComboFix.txt
  • Fixlog.txt

  • 0

#6
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
I tried navigating to the combofix list, but there are only a couple subfolders in the Qoobox directory. They are: BackEnv, LasRun, Quarantine, Test and TestC. I am running a search on the computer for combofix.txt Also in response to Dameware, that is not a program that she uses. She uses teamviewer from time to time for assistance.

I just noticed I see combofix in my computer within C: and it looks as if it is a network drive. Should I navigate through there?

Edited by dtekka, 19 November 2013 - 02:58 PM.

  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I tried navigating to the combofix list, but there are only a couple subfolders in the Qoobox directory. They are: BackEnv, LasRun, Quarantine, Test and TestC. I am running a search on the computer for combofix.txt


Don't worry if you can't find it, it's not the end of the world. Just might have been helful to see what it found.

Also in response to Dameware, that is not a program that she uses. She uses teamviewer from time to time for assistance.


They both show in the logs. For safety it might be a good idea to unistall the Dameware one.
  • 0

#8
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Here is the one log that you requested. Also, I wanted to note that I went into add remove programs and could not find DameWare Mini Remote Control Client Agent Service (Version: 6.7.0.9) Could you please guide me on how to uninstall it? I also checked in - Start menu - programs and did not see it listed there either.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-11-2013
Ran by Associate at 2013-11-19 13:00:17 Run:1
Running from C:\Documents and Settings\Associate\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
C:\Documents and Settings\Associate\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Associate\Local Settings\Temp\Quarantine.exe
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
C:\Documents and Settings\Associate\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\Associate\Local Settings\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

Edited by dtekka, 19 November 2013 - 03:05 PM.

  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
With the ComboFix one is there a text file in that LasRun? If not let's do this:

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#10
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
ComboFix 13-11-19.01 - Associate 11/19/2013 13:15:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.1905 [GMT -8:00]
Running from: c:\documents and settings\Associate\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\117b9e6d59684cb2.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\22774951b4d31535.fb
c:\windows\system32\Cache\297bdaf276e15175.fb
c:\windows\system32\Cache\3d2918c3c0b6b786.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\78f4a2b6ff55eeac.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c7380504c9d2248a.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\ef3e79bfdafef03f.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-10-19 to 2013-11-19 )))))))))))))))))))))))))))))))
.
.
2013-11-19 20:14 . 2013-11-19 20:14 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66F06C83-FCD4-42D0-8662-F647E247E619}\offreg.dll
2013-11-19 20:13 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{66F06C83-FCD4-42D0-8662-F647E247E619}\mpengine.dll
2013-11-19 11:00 . 2013-11-19 11:00 -------- d-----w- c:\windows\LastGood
2013-11-19 11:00 . 2013-11-19 11:01 -------- d-----w- C:\5bddf395a3ec60e948233541
2013-11-19 09:13 . 2013-11-19 09:13 -------- d-----w- c:\program files\ESET
2013-11-19 07:16 . 2013-11-19 07:16 -------- d-----w- C:\FRST
2013-11-18 20:40 . 2013-11-08 01:15 7772552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-10-29 20:08 . 2013-10-29 20:08 -------- d-----w- c:\windows\ERUNT
2013-10-29 19:19 . 2013-10-29 19:19 -------- d-----w- c:\documents and settings\Associate\Application Data\Malwarebytes
2013-10-29 19:19 . 2013-10-29 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-10-29 19:19 . 2013-10-29 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-29 19:19 . 2013-04-04 21:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-29 19:06 . 2013-10-29 19:08 -------- d-----w- C:\AdwCleaner
2013-10-29 18:21 . 2013-10-29 18:21 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2011-05-19 07:17 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-17 19:34 . 2012-07-09 16:22 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-17 19:34 . 2011-05-19 05:13 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-17 19:34 . 2013-10-17 19:34 17813896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-10-13 07:25 . 2004-08-04 07:56 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-13 07:25 . 2004-08-04 07:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-13 07:25 . 2004-08-04 07:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-13 07:24 . 2004-08-04 07:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-13 06:57 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-10-12 15:56 . 2004-08-04 07:56 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2004-08-04 07:56 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2004-08-04 07:56 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 01:14 . 2010-01-24 05:29 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-01 18:57 . 2013-07-16 19:05 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-09-27 17:53 . 2010-10-25 04:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-26 03:57 . 2013-08-01 23:06 120632 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-09-11 05:11 . 2013-03-01 17:32 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 05:12 . 2013-02-08 11:37 27448 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-09-02 17:39 . 2013-02-08 11:37 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-09-02 17:28 . 2013-02-08 11:37 145720 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-09-02 17:28 . 2013-03-29 09:53 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-09-02 17:28 . 2013-02-08 11:37 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-29 01:31 . 2004-08-04 06:17 1878656 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-06-05 4489472]
"SanDisk_Button_Manager.exe"="c:\documents and settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe" [2013-04-04 29078632]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-01-04 219648]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-03-24 78848]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-10-08 4908592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-04-11 16:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-10-01 18:57 2404376 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Associate\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2811:TCP"= 2811:TCP:DameWare Mini Remote Control Service
"6526:UDP"= 6526:UDP:UDP 6526
"7130:TCP"= 7130:TCP:TCP 7130
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 3:37 AM 145720]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 3:37 AM 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 3:37 AM 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [8/1/2013 3:06 PM 120632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [3/29/2013 1:53 AM 209208]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 9:32 AM 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 3:37 AM 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 2:08 AM 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/16/2013 11:05 AM 37664]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2/15/2007 26624]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 11:56 PM 14336]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [9/25/2013 8:47 PM 301152]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [10/29/2013 10:21 AM 5087584]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2/7/2007 1:00 AM 3712]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [10/3/2013 9:00 PM 3538480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 19:34]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 22:44]
.
2013-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-11 22:44]
.
2013-11-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-19 13:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-11-19 13:22:49
ComboFix-quarantined-files.txt 2013-11-19 21:22
.
Pre-Run: 15,443,030,016 bytes free
Post-Run: 15,783,944,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 02A023D7A21D116EDE28A27CEC7B2398
8F558EB6672622401DA993E1E865C861
  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
There are two anti-virus programs running on this machine.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall either of AVG or Microsoft Security Essentials.

MSE is the lighter of the two and as the user is complaining of a slow computer I would recommend uninstalling AVG.

After you have done that please run FRST again and post back the FRST.txt log.
  • 0

#12
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
Before I run FRST, should I delete the fixlog from the desktop?
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Before I run FRST, should I delete the fixlog from the desktop?


No need. :)
  • 0

#14
dtekka

dtekka

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 174 posts
As I was uninstalling AVG I got two errors which I took screen shots of. If you want to see them let me know. One was Machine ID Creator has encountered a problem and needs to close. The other error was AVG toolbar install/uninstall failed. I then went back in to the addremoved programs and selected AVG safesearch toolbar and was able to uninstall it successfully. Here is the FRST log you requested
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-11-2013
Ran by Associate (administrator) on ASSOCIATE on 19-11-2013 13:42:42
Running from C:\Documents and Settings\Associate\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [219648 2006-01-03] (PDF Complete Inc)
HKLM\...\Run: [SetRefresh] - C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [525824 2003-11-20] (Hewlett-Packard Company)
HKLM\...\Run: [SSBkgdUpdate] - C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [IndexSearch] - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [ControlCenter2.0] - C:\Program Files\Brother\ControlCenter2\brctrcen.exe [995328 2005-11-11] (Brother Industries, Ltd.)
HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [DameWare MRC Agent] - C:\WINDOWS\system32\DWRCST.exe [78848 2008-03-24] (DameWare Development)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Associate\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [SanDisk_Button_Manager.exe] - C:\Documents and Settings\Associate\Application Data\SanDisk\SanDisk_Button_Manager.exe [29078632 2013-04-04] (Gemalto N.V.)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-04-11] (Google Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {645701DB-0A59-AE3F-8D62-BAA040AFB663} URL = http://www.bing.com/...007&form=ZGAIDF
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264309798530
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Documents and Settings\Associate\Application Data\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Documents and Settings\Associate\Application Data\Mozilla\Firefox\Profiles\j8alfuol.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "tabs":{"use_vertical_tabs"
CHR Extension: (Poppit) - C:\DOCUME~1\ASSOCI~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Associate\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [176952 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [102200 2013-08-20] (AVG Technologies CZ, s.r.o.)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [51584 2004-02-04] (Broadcom Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-03] (Intel® Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-03] (Intel® Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-03] (Intel® Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-03] (Intel® Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-03] (Intel® Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-03] (Intel® Corporation)
S3 iAimFP5; C:\Windows\System32\DRIVERS\wADV07nt.sys [11807 2004-08-03] (Intel® Corporation)
S3 iAimFP6; C:\Windows\System32\DRIVERS\wADV08nt.sys [11295 2004-08-03] (Intel® Corporation)
S3 iAimFP7; C:\Windows\System32\DRIVERS\wADV09nt.sys [11871 2004-08-03] (Intel® Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-03] (Intel® Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-03] (Intel® Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-03] (Intel® Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-03] (Intel® Corporation)
S3 iAimTV5; C:\Windows\System32\DRIVERS\wATV10nt.sys [25471 2004-08-03] (Intel® Corporation)
S3 iAimTV6; C:\Windows\System32\DRIVERS\wATV06nt.sys [22271 2004-08-03] (Intel® Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2001-08-17] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2001-08-17] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S4 Symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [28416 2002-04-03] (LSI Logic)
R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [x]
R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix; system32\DRIVERS\avgtdix.sys [x]
U3 catchme; \??\C:\DOCUME~1\ASSOCI~1\LOCALS~1\Temp\catchme.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-19 13:42 - 2013-11-19 13:42 - 00013478 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 13:40 - 2013-11-19 13:42 - 00000401 _____ C:\Documents and Settings\Associate\Desktop\repl.txt
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:35 - 2013-11-19 13:37 - 00004746 _____ C:\WINDOWS\setupapi.log
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2013-09-30 13:25 - 00000211 _____ C:\Boot.bak
2013-11-19 13:14 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2013-11-19 13:12 - 2013-11-19 13:22 - 00000000 ____D C:\Qoobox
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:11 - 2013-11-19 12:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 03:00 - 2013-11-19 13:35 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-19 03:00 - 2013-11-19 03:01 - 00000000 ____D C:\5bddf395a3ec60e948233541
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:52 - 2013-11-13 16:53 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:52 - 2013-11-13 16:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:51 - 2013-11-13 16:53 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:51 - 2013-11-13 16:52 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 10:21 - 2013-11-13 16:53 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 10:21 - 2013-11-13 16:52 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 13:24 - 2011-06-25 22:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-10-29 13:24 - 2010-11-07 09:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-10-29 13:24 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-10-29 13:24 - 2000-08-30 16:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-10-29 13:00 - 2013-11-19 13:21 - 00000000 ____D C:\WINDOWS\erdnt
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-04-04 13:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-29 11:06 - 2013-10-29 11:08 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:52 - 2013-10-29 15:10 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-21 09:36 - 2013-10-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG

==================== One Month Modified Files and Folders =======

2013-11-19 13:42 - 2013-11-19 13:42 - 00013478 _____ C:\Documents and Settings\Associate\Desktop\FRST.txt
2013-11-19 13:42 - 2013-11-19 13:40 - 00000401 _____ C:\Documents and Settings\Associate\Desktop\repl.txt
2013-11-19 13:39 - 2004-08-09 13:00 - 01510782 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-19 13:38 - 2013-11-19 13:38 - 01936571 _____ C:\Documents and Settings\Associate\Desktop\AVGInstLog.cab
2013-11-19 13:37 - 2013-11-19 13:35 - 00004746 _____ C:\WINDOWS\setupapi.log
2013-11-19 13:36 - 2013-11-19 13:36 - 03932214 _____ C:\Documents and Settings\Associate\Desktop\machine_id_creator_error.bmp
2013-11-19 13:35 - 2013-11-19 03:00 - 00000000 ____D C:\WINDOWS\LastGood
2013-11-19 13:34 - 2013-07-16 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-11-19 13:34 - 2012-07-09 08:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-19 13:22 - 2013-11-19 13:22 - 00015329 _____ C:\ComboFix.txt
2013-11-19 13:22 - 2013-11-19 13:12 - 00000000 ____D C:\Qoobox
2013-11-19 13:22 - 2009-07-24 09:30 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-11-19 13:22 - 2004-08-10 10:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-19 13:21 - 2013-10-29 13:00 - 00000000 ____D C:\WINDOWS\erdnt
2013-11-19 13:20 - 2009-07-24 09:11 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-19 13:14 - 2013-11-19 13:14 - 00000000 _RSHD C:\cmdcons
2013-11-19 13:14 - 2009-07-24 09:14 - 00000327 __RSH C:\boot.ini
2013-11-19 13:13 - 2009-07-24 09:09 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-19 13:11 - 2013-11-19 13:11 - 05146522 ____R (Swearware) C:\Documents and Settings\Associate\Desktop\ComboFix.exe
2013-11-19 13:10 - 2011-04-11 08:48 - 00000892 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-19 13:02 - 2013-07-03 11:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-19 13:01 - 2013-11-19 13:01 - 00000150 _____ C:\Documents and Settings\Associate\Desktop\combofix_error.URL
2013-11-19 12:11 - 2013-11-19 03:11 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-11-19 12:10 - 2011-04-11 08:48 - 00000888 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-19 10:51 - 2013-11-19 10:51 - 00000467 _____ C:\Documents and Settings\Associate\My Documents\eset.txt
2013-11-19 03:01 - 2013-11-19 03:00 - 00000000 ____D C:\5bddf395a3ec60e948233541
2013-11-19 03:01 - 2012-04-25 08:32 - 00001698 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2013-11-19 03:01 - 2011-05-18 23:11 - 00001945 ____C C:\WINDOWS\epplauncher.mif
2013-11-19 03:00 - 2011-05-18 23:09 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-19 02:21 - 2011-05-18 23:17 - 00230048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2013-11-19 01:13 - 2013-11-19 01:13 - 00000000 ____D C:\Program Files\ESET
2013-11-18 23:16 - 2013-11-18 23:16 - 00000000 ____D C:\FRST
2013-11-18 23:14 - 2013-11-18 23:14 - 01090881 _____ (Farbar) C:\Documents and Settings\Associate\Desktop\FRST.exe
2013-11-18 23:13 - 2009-07-24 09:14 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-18 12:22 - 2011-08-25 14:36 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-11-18 12:22 - 2009-07-24 09:14 - 00000259 _____ C:\WINDOWS\wiadebug.log
2013-11-18 12:22 - 2009-07-24 09:14 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-18 12:21 - 2010-01-23 21:13 - 00000000 __SHD C:\WINDOWS\CSC
2013-11-18 09:52 - 2013-04-04 15:50 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\SanDisk
2013-11-15 18:18 - 2010-01-23 21:20 - 00000278 ___SH C:\Documents and Settings\Associate\ntuser.ini
2013-11-15 09:10 - 2004-08-09 12:44 - 00569878 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-13 16:53 - 2013-11-13 16:53 - 00009068 _____ C:\WINDOWS\KB2900986.log
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 16:53 - 2013-11-13 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 16:53 - 2013-11-13 16:52 - 00034037 _____ C:\WINDOWS\iis6.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00030915 _____ C:\WINDOWS\FaxSetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014780 _____ C:\WINDOWS\ocgen.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00014105 _____ C:\WINDOWS\tsoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00010267 _____ C:\WINDOWS\comsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00009642 _____ C:\WINDOWS\msmqinst.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00006227 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00005415 _____ C:\WINDOWS\netfxocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00002125 _____ C:\WINDOWS\MedCtrOC.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001710 _____ C:\WINDOWS\ocmsn.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001555 _____ C:\WINDOWS\tabletoc.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001545 _____ C:\WINDOWS\msgsocm.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-13 16:53 - 2013-11-13 16:52 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-13 16:53 - 2013-11-13 16:51 - 00004119 _____ C:\WINDOWS\updspapi.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00014833 _____ C:\WINDOWS\KB2868626.log
2013-11-13 16:53 - 2013-11-13 10:21 - 00013816 _____ C:\WINDOWS\KB2862152.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-11-13 16:52 - 2013-11-13 16:52 - 00000000 _____ C:\WINDOWS\setupact.log
2013-11-13 16:52 - 2013-11-13 16:51 - 00011232 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-13 16:52 - 2013-11-13 10:21 - 00013342 _____ C:\WINDOWS\KB2876331.log
2013-11-13 16:51 - 2010-01-24 13:53 - 00000000 ____D C:\WINDOWS\ie8updates
2013-11-13 16:50 - 2013-08-14 16:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 16:47 - 2010-01-24 13:50 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 16:46 - 2010-01-23 21:20 - 00000000 ____D C:\Documents and Settings\Associate
2013-10-29 15:10 - 2013-10-29 10:52 - 00000000 ____D C:\Documents and Settings\Associate\Desktop\tools
2013-10-29 14:23 - 2013-10-29 14:23 - 00003309 _____ C:\Documents and Settings\Associate\reset.log
2013-10-29 12:35 - 2013-07-16 10:38 - 00000000 ____D C:\Program Files\CCleaner
2013-10-29 12:08 - 2013-10-29 12:08 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-29 11:43 - 2010-01-24 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\Associate\Application Data\Malwarebytes
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-29 11:19 - 2013-10-29 11:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-10-29 11:13 - 2010-01-24 12:00 - 00068840 ____C C:\Documents and Settings\Associate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-29 11:09 - 2004-08-09 12:40 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-29 11:08 - 2013-10-29 11:06 - 00000000 ____D C:\AdwCleaner
2013-10-29 10:21 - 2013-10-29 10:21 - 00000815 _____ C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Program Files\TeamViewer
2013-10-29 10:21 - 2013-10-29 10:21 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8
2013-10-29 10:08 - 2010-01-24 12:53 - 00000426 ____C C:\WINDOWS\BRWMARK.INI
2013-10-29 09:52 - 2010-11-30 13:59 - 00002531 _____ C:\Documents and Settings\All Users\Desktop\DraftSight.lnk
2013-10-29 09:42 - 2010-02-22 09:54 - 00000000 ____D C:\Documents and Settings\Associate\Local Settings\Application Data\Google
2013-10-21 09:36 - 2013-10-21 09:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2013-10-21 09:35 - 2013-07-16 11:00 - 00000000 ____D C:\$AVG

Some content of TEMP:
====================
C:\Documents and Settings\Associate\Local Settings\Temp\UNINSTALL.EXE


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Question:

Did you run FRST before you uninstalled AVG?

The reason I ask is because it is still showing there.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP