Hi. I've run a scan using FRST, but I'm not clear as to what to extract from the log for placing in the fixlist.txt for running the fix option. Could someone explain what I need to look for? Log copied over below. Many thanks. James.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-08-2014
Ran by SYSTEM on REATOGO on 25-08-2014 18:03:45
Running from F:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [D-Link D-Link DWA-525] => C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [1074496 2011-08-29] (D-Link Corp.)
HKLM\...\Run: [D-Link DWA-525 WZCSLDR2] => C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880 2010-07-12] (Wireless Service)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683608 2013-02-07] (Bandoo Media Inc)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1103888 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Piscator\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Documents and Settings\Piscator\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5a1aec12ea6147d182cbd169abaf4dbb-36f2888862bab67a04538ca7f1330c25577c1bbb --CMPI (the data entry has 7 more characters).
HKU\Piscator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [677392 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service)
S2 D_Link_DWA-525_WPS; C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [53248 2010-07-12] ()
S2 SLService; C:\Windows\system32\slserv.exe [73796 2008-04-14] (Smart Link)
S2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
S2 winmgmt; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2012-02-18] ()
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
S3 RT80x86; C:\Windows\System32\DRIVERS\DRT2860.sys [2240064 2011-04-15] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
S4 IntelIde; No ImagePath
S1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 18:03 - 2014-08-25 18:03 - 00000000 ___DC () C:\FRST
2014-08-23 06:05 - 2014-08-23 06:05 - 00000054 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3756-F.txt
2014-08-23 05:13 - 2014-08-23 05:45 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 05:13 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 05:09 - 2014-08-23 05:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 05:08 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-20 08:54 - 2014-08-20 08:54 - 00000058 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1344-F.txt
2014-08-20 08:31 - 2014-08-20 08:31 - 00000113 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1296-F.txt
2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
2014-08-13 14:19 - 2014-08-13 14:20 - 00000174 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3228-F.txt
2014-08-13 14:10 - 2014-08-13 14:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache
2014-08-13 14:09 - 2014-08-13 14:12 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
2014-08-05 06:11 - 2014-08-05 06:14 - 00001114 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1200-F.txt
2014-07-30 13:50 - 2014-07-30 13:50 - 00000057 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-832-F.txt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-25 18:03 - 2014-08-25 18:03 - 00000000 ___DC () C:\FRST
2014-08-23 06:06 - 2012-02-18 06:55 - 00003284 _____ () C:\Windows\System32\ANIWZCS{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-08-23 06:05 - 2014-08-23 06:05 - 00000054 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3756-F.txt
2014-08-23 06:05 - 2012-02-18 06:33 - 00000009 _____ () C:\Windows\System32\ANIWZCSUSERNAME{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-08-23 06:05 - 2011-07-22 08:06 - 01641025 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 06:04 - 2011-07-22 08:57 - 00000157 _____ () C:\Windows\wiadebug.log
2014-08-23 06:04 - 2011-07-22 08:57 - 00000049 _____ () C:\Windows\wiaservc.log
2014-08-23 06:04 - 2011-07-22 08:15 - 00000000 ____D () C:\Documents and Settings\Piscator\Local Settings\Temp
2014-08-23 06:04 - 2003-03-31 08:00 - 00013646 _____ () C:\Windows\System32\wpa.dbl
2014-08-23 06:01 - 2014-07-16 14:40 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-23 05:45 - 2014-08-23 05:13 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 05:19 - 2014-04-19 06:14 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-08-23 05:13 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 05:13 - 2014-08-23 05:08 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 05:09 - 2014-08-23 05:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 05:09 - 2014-04-30 16:26 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Temp
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-22 13:48 - 2014-07-08 06:26 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C
2014-08-20 08:54 - 2014-08-20 08:54 - 00000058 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1344-F.txt
2014-08-20 08:31 - 2014-08-20 08:31 - 00000113 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1296-F.txt
2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
2014-08-20 07:53 - 2011-07-22 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-19 05:36 - 2013-03-12 09:16 - 00065536 _____ () C:\Windows\System32\config\TuneUp.evt
2014-08-19 05:36 - 2011-07-22 08:15 - 00000178 ___SH () C:\Documents and Settings\Piscator\ntuser.ini
2014-08-19 05:36 - 2011-07-22 08:12 - 00032656 _____ () C:\Windows\SchedLgU.Txt
2014-08-13 14:20 - 2014-08-13 14:19 - 00000174 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3228-F.txt
2014-08-13 14:12 - 2014-08-13 14:09 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
2014-08-13 14:10 - 2014-08-13 14:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache
2014-08-05 06:14 - 2014-08-05 06:11 - 00001114 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1200-F.txt
2014-07-30 13:50 - 2014-07-30 13:50 - 00000057 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-832-F.txt
Files to move or delete:
====================
C:\Documents and Settings\Administrator.PETER\rstrui.exe
C:\Documents and Settings\Piscator\rstrui.exe
Some content of TEMP:
====================
C:\Documents and Settings\Piscator\Local Settings\Temp\avguirn_08696223890.exe
C:\Documents and Settings\Piscator\Local Settings\Temp\bde.dll
C:\Documents and Settings\Piscator\Local Settings\Temp\ghp.dll
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points (XP) =====================
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 767.48 MB
Available physical RAM: 511.41 MB
Total Pagefile: 707.05 MB
Available Pagefile: 513.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.11 MB
==================== Drives ================================
Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.05 GB) NTFS
Drive c: (DRIVE_C) (Fixed) (Total:10 GB) (Free:2.08 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Storage) (Fixed) (Total:64.53 GB) (Free:64.46 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.2 GB) (Free:6.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: E02AE02A)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 7B8705CF)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)
==================== End Of Log ============================