
trying to remove fbi virus using FRST [Closed]

This topic is locked

#1 jamesfo (New Member, 9 posts)

Hi. I've run a scan using FRST, but I'm not clear as to what to extract from the log to place in fixlist.txt for running the Fix option. Could someone explain what I need to look for? The log is copied below. Many thanks. James.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-08-2014
Ran by SYSTEM on REATOGO on 25-08-2014 18:03:45
Running from F:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [D-Link D-Link DWA-525] => C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [1074496 2011-08-29] (D-Link Corp.)
HKLM\...\Run: [D-Link DWA-525 WZCSLDR2] => C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880 2010-07-12] (Wireless Service)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683608 2013-02-07] (Bandoo Media Inc)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1103888 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKU\Piscator\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Documents and Settings\Piscator\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5a1aec12ea6147d182cbd169abaf4dbb-36f2888862bab67a04538ca7f1330c25577c1bbb --CMPI (the data entry has 7 more characters).
HKU\Piscator\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [677392 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service)
S2 D_Link_DWA-525_WPS; C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [53248 2010-07-12] ()
S2 SLService; C:\Windows\system32\slserv.exe [73796 2008-04-14] (Smart Link)
S2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
S2 winmgmt; C:\Windows\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2012-02-18] ()
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\Windows\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
S3 RT80x86; C:\Windows\System32\DRIVERS\DRT2860.sys [2240064 2011-04-15] (Ralink Technology, Corp.)
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
S3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
S4 IntelIde; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 18:03 - 2014-08-25 18:03 - 00000000 ___DC () C:\FRST
2014-08-23 06:05 - 2014-08-23 06:05 - 00000054 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3756-F.txt
2014-08-23 05:13 - 2014-08-23 05:45 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 05:13 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 05:09 - 2014-08-23 05:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 05:08 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-20 08:54 - 2014-08-20 08:54 - 00000058 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1344-F.txt
2014-08-20 08:31 - 2014-08-20 08:31 - 00000113 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1296-F.txt
2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
2014-08-13 14:19 - 2014-08-13 14:20 - 00000174 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3228-F.txt
2014-08-13 14:10 - 2014-08-13 14:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache
2014-08-13 14:09 - 2014-08-13 14:12 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
2014-08-05 06:11 - 2014-08-05 06:14 - 00001114 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1200-F.txt
2014-07-30 13:50 - 2014-07-30 13:50 - 00000057 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-832-F.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 18:03 - 2014-08-25 18:03 - 00000000 ___DC () C:\FRST
2014-08-23 06:06 - 2012-02-18 06:55 - 00003284 _____ () C:\Windows\System32\ANIWZCS{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-08-23 06:05 - 2014-08-23 06:05 - 00000054 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3756-F.txt
2014-08-23 06:05 - 2012-02-18 06:33 - 00000009 _____ () C:\Windows\System32\ANIWZCSUSERNAME{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-08-23 06:05 - 2011-07-22 08:06 - 01641025 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 06:04 - 2011-07-22 08:57 - 00000157 _____ () C:\Windows\wiadebug.log
2014-08-23 06:04 - 2011-07-22 08:57 - 00000049 _____ () C:\Windows\wiaservc.log
2014-08-23 06:04 - 2011-07-22 08:15 - 00000000 ____D () C:\Documents and Settings\Piscator\Local Settings\Temp
2014-08-23 06:04 - 2003-03-31 08:00 - 00013646 _____ () C:\Windows\System32\wpa.dbl
2014-08-23 06:01 - 2014-07-16 14:40 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-23 05:45 - 2014-08-23 05:13 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 05:19 - 2014-04-19 06:14 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-08-23 05:13 - 2014-08-23 05:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 05:13 - 2014-08-23 05:08 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 05:09 - 2014-08-23 05:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 05:09 - 2014-04-30 16:26 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Temp
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 05:06 - 2014-08-23 05:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-22 13:48 - 2014-07-08 06:26 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C
2014-08-20 08:54 - 2014-08-20 08:54 - 00000058 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1344-F.txt
2014-08-20 08:31 - 2014-08-20 08:31 - 00000113 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1296-F.txt
2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
2014-08-20 07:53 - 2011-07-22 08:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-19 05:36 - 2013-03-12 09:16 - 00065536 _____ () C:\Windows\System32\config\TuneUp.evt
2014-08-19 05:36 - 2011-07-22 08:15 - 00000178 ___SH () C:\Documents and Settings\Piscator\ntuser.ini
2014-08-19 05:36 - 2011-07-22 08:12 - 00032656 _____ () C:\Windows\SchedLgU.Txt
2014-08-13 14:20 - 2014-08-13 14:19 - 00000174 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3228-F.txt
2014-08-13 14:12 - 2014-08-13 14:09 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
2014-08-13 14:10 - 2014-08-13 14:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache
2014-08-05 06:14 - 2014-08-05 06:11 - 00001114 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-1200-F.txt
2014-07-30 13:50 - 2014-07-30 13:50 - 00000057 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-832-F.txt

Files to move or delete:
====================
C:\Documents and Settings\Administrator.PETER\rstrui.exe
C:\Documents and Settings\Piscator\rstrui.exe

Some content of TEMP:
====================
C:\Documents and Settings\Piscator\Local Settings\Temp\avguirn_08696223890.exe
C:\Documents and Settings\Piscator\Local Settings\Temp\bde.dll
C:\Documents and Settings\Piscator\Local Settings\Temp\ghp.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 767.48 MB
Available physical RAM: 511.41 MB
Total Pagefile: 707.05 MB
Available Pagefile: 513.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.11 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.05 GB) NTFS
Drive c: (DRIVE_C) (Fixed) (Total:10 GB) (Free:2.08 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Storage) (Fixed) (Total:64.53 GB) (Free:64.46 GB) NTFS
Drive f: (KINGSTON) (Removable) (Total:7.2 GB) (Free:6.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: E02AE02A)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 7B8705CF)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)

==================== End Of Log ============================

 




#2 tom982 (Member 1K, 1,183 posts)

Hello James, and welcome!

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be reviewed by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo; I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post; instead, I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps; if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them; spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy, and if I don't hear from you within three days this thread will be closed

 

I will review your logs now and submit a fix as soon as possible :)

 

Tom



#3 jamesfo (Topic Starter, New Member, 9 posts)

Thanks Tom. I await your fix! James.



#4 tom982 (Member 1K, 1,183 posts)
Hi James,
 
I've got the go ahead, let's see how we get on with this:
 
FRST Fix
  • Open Notepad and Copy (Ctrl+C) and Paste (Ctrl+V) the following text into it:

    HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683608 2013-02-07] (Bandoo Media Inc)
    
    Startup: C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk
    
    ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp (Microsoft Corporation)
    
    2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
    
    2014-08-13 14:09 - 2014-08-13 14:12 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
    
    C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-*-F.txt
    
    C:\Documents and Settings\Piscator\rstrui.exe
    
    C:\Program Files\Search Results Toolbar
    
    
    
    Folder: C:\Documents and Settings\All Users\Application Data\2992199F9A
    
    Folder: C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C
    
    
    
    Reg: reg query "HKEY_CLASSES_ROOT\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32" /s
  • Save this as fixlist.txt, located in the same directory as FRST.exe (in the root folder of your F: drive).
  • Open FRST and click Fix.
  • After processing the script, FRST will create a log in the same folder as FRST named Fixlog.txt, please post this in your next reply.
Also, after running this please try and boot your computer normally and let me know if there are any problems.
 
 
Tom
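James's question was which log lines belong in fixlist.txt, and Tom's fix above answers it by example: the chosen entries are pasted verbatim from the scan log. As an added example (my code, not FRST's and not from this thread), here is a small Python parser for the four FRST line shapes that appear in the fix (Run entries, Startup lines, ShortcutTarget lines and dated file entries). It turns each into a record, flags records with heuristics I distilled from Tom's choices (an autostart whose target is outside Program Files or Windows, a hex-only file name under Application Data, a Windows binary name such as rstrui.exe sitting in a user profile, the RUNDLL32.EXE-*-F.txt files, and a publisher treated as unwanted), and emits the verbatim lines in the order a fixlist would list them. The heuristics, `TRUSTED_ROOTS`, `SYSTEM_BINARIES` and `UNWANTED_PUBLISHERS` are assumptions for illustration, not rules FRST applies; the sample lines are copied from James's scan log, with two clean entries kept as controls.

```python
"""Parse FRST scan-log entry lines and pick out fixlist.txt candidates.
Added example for this thread, not FRST's own code; the flagging rules are
assumptions modelled on the entries chosen in post #4."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the scan log posted in this thread,
# with two clean entries (Adobe ARM, WinZip Quick Pick) kept as controls.
SAMPLE_LOG = r"""
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683608 2013-02-07] (Bandoo Media Inc)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp (Microsoft Corporation)
2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp
2014-08-13 14:09 - 2014-08-13 14:12 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe
2014-08-23 06:05 - 2014-08-23 06:05 - 00000054 ____C () C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-3756-F.txt
2014-08-23 05:13 - 2014-08-23 05:45 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
""".strip()

# One regex per FRST line shape used here. The "[size date] (company)" tail is
# optional on Run lines because FRST omits it for some entries (see the AVG line).
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<path>.+?)"
                    r"(?: \[(?P<size>\d+) (?P<date>\S+)\] \((?P<company>[^)]*)\))?$")
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+?) \((?P<company>[^)]*)\)$")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
                     r" - (?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$")


@dataclass
class Entry:
    kind: str                  # "run", "startup", "shortcut" or "file"
    line: str                  # verbatim log line: this is what fixlist.txt takes
    path: str                  # file or shortcut target the entry points at
    company: str = ""          # FRST's company column (from version info, unverified)
    size: Optional[int] = None


def parse_log(text: str) -> List[Entry]:
    """Turn the recognised line shapes into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            entries.append(Entry("run", line, m["path"], m["company"] or "",
                                 int(m["size"]) if m["size"] else None))
        elif m := STARTUP_RE.match(line):
            entries.append(Entry("startup", line, m["path"]))
        elif m := SHORTCUT_RE.match(line):
            entries.append(Entry("shortcut", line, m["path"], m["company"]))
        elif m := FILE_RE.match(line):
            entries.append(Entry("file", line, m["path"], m["company"], int(m["size"])))
    return entries


# Heuristics: my assumptions for this example, modelled on Tom's choices above.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files")
SYSTEM_BINARIES = {"rstrui.exe", "explorer.exe", "winlogon.exe", "svchost.exe"}
UNWANTED_PUBLISHERS = {"Bandoo Media Inc"}        # publisher of the removed toolbar
HEX_STEM = re.compile(r"^[0-9A-F]{6,}$", re.I)     # 8E1C6C, 2992199F9A, ...
RUNDLL_NOTE = re.compile(r"^RUNDLL32\.EXE-\d+-F\.txt$", re.I)


def reasons(e: Entry) -> List[str]:
    """Why an entry looks like a fixlist candidate; an empty list means leave it."""
    low = e.path.lower()
    name = e.path.rsplit("\\", 1)[-1]
    stem = name.rpartition(".")[0]
    out: List[str] = []
    if e.kind in ("run", "shortcut") and not low.startswith(TRUSTED_ROOTS):
        out.append("autostart points outside Program Files / Windows")
    if e.company in UNWANTED_PUBLISHERS:
        out.append(f"publisher '{e.company}' treated as unwanted")
    if "application data" in low and HEX_STEM.match(stem):
        out.append("hex-only file name under Application Data")
    if name.lower() in SYSTEM_BINARIES and not low.startswith(r"c:\windows"):
        out.append("Windows binary name outside C:\\Windows")
    if RUNDLL_NOTE.match(name):
        out.append("RUNDLL32.EXE-*-F.txt file (removed by wildcard in the thread)")
    return out


def build_fixlist(entries: List[Entry]) -> List[str]:
    """Verbatim lines for flagged entries, in log order; a flagged ShortcutTarget
    pulls in the Startup line before it, as Tom's fixlist did."""
    lines: List[str] = []
    for i, e in enumerate(entries):
        if not reasons(e):
            continue
        if e.kind == "shortcut" and i > 0 and entries[i - 1].kind == "startup":
            lines.append(entries[i - 1].line)
        lines.append(e.line)
    return lines


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        for why in reasons(e):
            print(f"{e.kind:8} {e.path}\n         -> {why}")
    print("\n".join(build_fixlist(parsed)))
```

Run against the sample, the script leaves the Adobe and WinZip entries alone and emits six lines: the DATAMNGR Run entry, the program.lnk Startup and ShortcutTarget pair, the 8E1C6C.cpp file, the misplaced rstrui.exe and the RUNDLL32.EXE-3756-F.txt file. Those are exactly the verbatim entries in Tom's fixlist; the wildcard, the bare paths and the `Folder:`/`Reg:` directives he added are FRST syntax this parser does not generate, and any list a script like this produces still needs a human to read it before it is fed to FRST's Fix button.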

#5 jamesfo (Topic Starter, New Member, 9 posts)

Thanks Tom - after fixing and rebooting, the lockout screen has gone; hopefully the virus is completely out of the system. Here is the fix list report:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:22-08-2014
Ran by SYSTEM at 2014-09-04 13:25:36 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [DATAMNGR] => C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe [1683608 2013-02-07] (Bandoo Media Inc)

Startup: C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk

ShortcutTarget: program.lnk -> C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp (Microsoft Corporation)

2014-08-20 08:30 - 2014-08-20 08:30 - 00172032 ____C (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp

2014-08-13 14:09 - 2014-08-13 14:12 - 00000000 ____C () C:\Documents and Settings\Administrator.PETER\rstrui.exe

C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-*-F.txt

C:\Documents and Settings\Piscator\rstrui.exe

C:\Program Files\Search Results Toolbar

 

Folder: C:\Documents and Settings\All Users\Application Data\2992199F9A

Folder: C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C

 

Reg: reg query "HKEY_CLASSES_ROOT\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32" /s
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => value deleted successfully.
C:\Documents and Settings\Piscator\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp => Moved successfully.
"C:\Documents and Settings\All Users\Application Data\8E1C6C.cpp" => File/Directory not found.
C:\Documents and Settings\Administrator.PETER\rstrui.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\RUNDLL32.EXE-*-F.txt => Moved successfully.
C:\Documents and Settings\Piscator\rstrui.exe => Moved successfully.
C:\Program Files\Search Results Toolbar => Moved successfully.

========================= Folder: C:\Documents and Settings\All Users\Application Data\2992199F9A ========================

2014-04-19 06:14 - 2014-04-19 06:14 - 0000000 ____C () C:\Documents and Settings\All Users\Application Data\2992199F9A\2193912002.dat
2014-04-19 06:14 - 2014-05-01 05:49 - 0000000 ____C () C:\Documents and Settings\All Users\Application Data\2992199F9A\mql8zmqnePiscator.fdd

====== End of Folder: ======

========================= Folder: C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C ========================

2014-08-22 13:48 - 2014-07-08 06:26 - 0141824 _____ () C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C\jrjz16ji0.cpp

====== End of Folder: ======

========= reg query "HKEY_CLASSES_ROOT\CLSID\{1F87137D-0E7C-44d5-8C73-4EFFB68962F2}\LocalServer32" /s =========

Error:  The system was unable to find the specified registry key or value

========= End of Reg: =========

==== End of Fixlog ====



#6 tom982 (Member 1K, 1,183 posts)
Hi James,

Glad to hear it! While the bulk of the malware should be gone now, there are probably a few remnants that we should take care of. Let's get a full set of logs and see where we stand:

Farbar Recovery Scan Tool (FRST)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Right-click FRST.exe/FRST64.exe (depending on which version you downloaded) and select Run as administrator to run it.
  • When the disclaimer appears, click Yes.
  • Make sure Addition.txt is checked and don't change any other options.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.
Tom

#7 jamesfo (Topic Starter, New Member, 9 posts)

Hi Tom,

 

Here's the FRST.txt and Addition.txt logs:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-09-2014
Ran by Piscator at 2014-09-06 13:34:00
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 13:00 - 2003-03-31 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\PC TuneUp Maestro Scan.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Pro.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Registration3.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => ?

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 10:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/23/2014 10:04:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/20/2014 01:14:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2014 00:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2014 11:56:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/08/2014 11:26:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/08/2014 10:51:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/29/2014 10:59:59 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Error: (06/26/2014 10:51:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/26/2014 10:40:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (09/06/2014 01:33:37 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:33:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:32:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:32:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:31:37 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:31:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:30:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:30:07 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:29:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/06/2014 01:29:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================
Error: (08/23/2014 10:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd

Error: (08/23/2014 10:04:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd

Error: (08/20/2014 01:14:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/16/2014 00:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/16/2014 11:56:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/08/2014 11:26:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/08/2014 10:51:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/29/2014 10:59:59 AM) (Source: SecurityCenter) (EventID: 1802) (User: )
Description:

Error: (06/26/2014 10:51:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/26/2014 10:40:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.53GHz
Percentage of memory in use: 59%
Total physical RAM: 767.48 MB
Available physical RAM: 312.07 MB
Total Pagefile: 1877.79 MB
Available Pagefile: 1466.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.65 MB

==================== Drives ================================

Drive c: (DRIVE_C) (Fixed) (Total:10 GB) (Free:1.29 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Storage) (Fixed) (Total:64.53 GB) (Free:64.46 GB) NTFS
Drive g: (KINGSTON) (Removable) (Total:7.2 GB) (Free:6.88 GB) FAT32

==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2014
Ran by Piscator (ATTENTION: The logged in user is not administrator) on PETER on 06-09-2014 13:30:41
Running from G:\
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...&q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.co...{language}&nt=1
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe
[2008-04-14 06:42] - [2008-04-14 06:42] - 1033728 ____A (Microsoft Corporation)

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 06:42] - [2008-04-14 06:42] - 0507904 ____A (Microsoft Corporation)

C:\WINDOWS\system32\svchost.exe
[2008-04-14 06:42] - [2008-04-14 06:42] - 0014336 ____A (Microsoft Corporation)

C:\WINDOWS\system32\services.exe
[2008-04-14 06:42] - [2009-02-06 12:11] - 0110592 ____A (Microsoft Corporation)

C:\WINDOWS\system32\User32.dll
[2008-04-14 06:42] - [2008-04-14 06:42] - 0578560 ____A (Microsoft Corporation)

C:\WINDOWS\system32\userinit.exe
[2008-04-14 06:42] - [2008-04-14 06:42] - 0026112 ____A (Microsoft Corporation)

C:\WINDOWS\system32\rpcss.dll
[2008-04-14 06:42] - [2009-02-09 13:10] - 0401408 ____A (Microsoft Corporation)

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 01:11] - [2008-04-14 01:11] - 0052352 ____A (Microsoft Corporation)

==================== End Of Log ============================


#8 tom982 (Member 1K, 1,183 posts)

Hi James,
 
I'm sorry for the delay - I'm away this weekend with a few friends walking in Wales and although I brought my laptop and phone (to tether a hotspot), we're staying in the middle of nowhere and I overestimated the signal coverage I would get :lol: I brought my laptop to the restaurant though and I'm on their wifi so I can reply.
 
I've reviewed your log and there are still quite a few things that require attention, but before we tend to those I would like to speak to you about your options. As you may or may not know, support for Windows XP ended recently, meaning that you will no longer get security patches and updates, leaving your computer vulnerable. There are two options as I see it:
 
1. Update to Windows 7/8 (depending on your preference, a lot of people don't like the Metro UI in Windows 8)
2. Remain on XP
 
I would highly recommend you seriously consider choosing option 1 because although I can, and will happily should you choose #2, fix the problems in your log, there's a very high chance that you will get infected again in the future. Upgrading to Windows 7/8 will remove all of the current problems as well as making your computer more secure in the future.
 
The reason I ask this is that if I were to remove all of the malware, then suggest upgrading and you agreed to this, it would be a lot of time wasted for both of us :) I really don't mind either way, just let me know what you decide and we can go ahead with that.
 
Tom
 
P.S. I'm off on a fishing trip tomorrow and will stop off at a cafe either before or after so I can reply :)

#9 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

Hello and my apologies for the delay, tom982 is currently unavailable and another helper will continue assistance in due course. :)
#10 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Hello James,

My name is Pystryker and I'll be filling in for Tom while he is away. Have you made a decision regarding the possibility of upgrading to Windows 7 or 8? If that is not feasible, then let's continue to try and clean the machine. :)


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Copy the entire contents of the code box below (to do this, highlight the contents of the box, right-click on it and select Copy).
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.co...{language}&nt=1
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
Task: C:\WINDOWS\Tasks\PC TuneUp Maestro Scan.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Pro.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Registration3.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => ?
C:\Documents and Settings\All Users\Application Data\2992199F9A
C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C
Hosts:
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Fresh FRST and Addition Logs
  • Right-click FRST.exe and select Run as administrator (XP users: click Run after the Windows Security Warning - Open File prompt). When the tool opens, click Yes to the disclaimer.
  • Place a check in the box marked Addition.txt
    (screenshot: FRST main panel)
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Things I need to see in your next post (please post each of these logs as a separate reply in this thread):
  • Fixlog.txt
  • Fresh FRST.txt
  • Addition.txt

#11 jamesfo (Topic Starter, New Member, 9 posts)

Hello Pystryker,

Thanks for taking over while Tom is away. The computer in question here is my second computer. The main computer runs on Windows 7. Can I load Windows 7 onto this second computer using the CD I have, so updating it from XP? Does Microsoft permit using the CD on more than one computer? If so, I'll do this. And is it just a case of inserting the Windows 7 CD and following the instructions?

Thanks,

James.


#12 pystryker (Trusted Helper, Malware Removal, 3,912 posts)

Hello Pystryker,

Thanks for taking over while Tom is away. The computer in question here is my second computer. The main computer runs on Windows 7. Can I load Windows 7 onto this second computer using the CD I have, so updating it from XP? Does Microsoft permit using the CD on more than one computer? If so, I'll do this. And is it just a case of inserting the Windows 7 CD and following the instructions?

Thanks,

James.


You're quite welcome, James. :)

Unfortunately, you'd need to buy a new copy of Windows 7 to upgrade the machine with. You could install it, but you wouldn't be able to activate it, as the key for that copy is already registered to your other machine. It's one copy/DVD licence per machine when buying Windows.

However, the prices of Windows 7 have dropped so much, it's possible to get a copy for under $100 in many places. (Ebay, Amazon, etc.)

Please let me know how you wish to proceed. :)
#13 jamesfo (Topic Starter, New Member, 9 posts)

Hello Pystryker,

As the problem is with my second computer only, I thought we could try and clean it first and see how it goes, then if it gets infected again, upgrade it. If this happens, will inserting the updated Windows CD and loading the new operating system automatically scrub the hard disk and all its viruses?

I've run the fix and the scan as per your previous advice. Here is the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by Piscator at 2014-09-10 23:10:58 Run:4
Running from G:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms}
SearchScopes: HKCU - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.co...{language}&nt=1
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: DataMngr -> {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} -> C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
Task: C:\WINDOWS\Tasks\PC TuneUp Maestro Scan.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Pro.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Registration3.job => ?
Task: C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => ?
C:\Documents and Settings\All Users\Application Data\2992199F9A
C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C
Hosts:
Emptytemp:
End

*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
"HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}" => Key deleted successfully.
"HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}" => Key deleted successfully.
"HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\WINDOWS\Tasks\PC TuneUp Maestro Scan.job => Moved successfully.
C:\WINDOWS\Tasks\SpeedyPC Pro.job => Moved successfully.
C:\WINDOWS\Tasks\SpeedyPC Registration3.job => Moved successfully.
C:\WINDOWS\Tasks\SpeedyPC Update Version3.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\2992199F9A => Moved successfully.
C:\Documents and Settings\All Users\Application Data\3F297C670AD95C358A8374AA908DA80C => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 689.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====


#14 jamesfo (Topic Starter, New Member, 9 posts)

Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by Piscator (administrator) on PETER on 10-09-2014 23:17:10
Running from G:\
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe
(Wireless Service) C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe
(Smart Link) C:\WINDOWS\system32\slserv.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [D-Link D-Link DWA-525] => C:\Program Files\D-Link\DWA-525 revA\AirNCFG.exe [1074496 2011-08-29] (D-Link Corp.)
HKLM\...\Run: [D-Link DWA-525 WZCSLDR2] => C:\Program Files\D-Link\DWA-525 revA\WZCSLDR2.exe [122880 2010-07-12] (Wireless Service)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1103888 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-842925246-573735546-1606980848-1004\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Documents and Settings\Piscator\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5a1aec12ea6147d182cbd169abaf4dbb-36f2888862bab67a04538ca7f1330c25577c1bbb --CMPI (the data entry has 7 more characters).
HKU\S-1-5-21-842925246-573735546-1606980848-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {f34c9277-6577-4dff-b2d7-7d58092f272f} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [677392 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S2 D_Link_DWA-525; C:\Program Files\D-Link\DWA-525 revA\ANIWZCSdS.exe [126976 2010-07-12] (Wireless Service) [File not signed]
R2 D_Link_DWA-525_WPS; C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2003-03-31] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 SLService; C:\WINDOWS\system32\slserv.exe [73796 2008-04-14] (Smart Link) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532280 2012-08-23] (AVG)
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
S2 winmgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [52224 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2003-03-31] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
R2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2012-02-18] () [File not signed]
R3 Arp1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2003-03-31] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2003-03-31] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2003-03-31] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2003-03-31] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2003-03-31] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2003-03-31] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
S3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-14] (Microsoft Corporation) [File not signed]
R3 MODEMCSA; C:\WINDOWS\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-14] (Smart Link) [File not signed]
S3 Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-14] (Smart Link) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [61824 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-14] (Smart Link) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2003-03-31] (Microsoft Corporation) [File not signed]
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [1897408 2008-04-13] (NVIDIA Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2003-03-31] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2003-03-31] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [61696 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2003-03-31] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2003-03-31] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2003-03-31] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2003-03-31] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2003-03-31] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2003-03-31] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation) [File not signed]
R0 RecAgent; C:\WINDOWS\System32\DRIVERS\RecAgent.sys [13776 2008-04-14] (Smart Link) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RT80x86; C:\WINDOWS\System32\DRIVERS\DRT2860.sys [2240064 2011-04-15] (Ralink Technology, Corp.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sisagp; C:\WINDOWS\System32\DRIVERS\sisagp.sys [40960 2008-04-14] (Silicon Integrated Systems Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Slntamr; C:\WINDOWS\System32\DRIVERS\slntamr.sys [404990 2008-04-14] (Smart Link) [File not signed]
S3 SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [95424 2008-04-14] (Smart Link) [File not signed]
R3 SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-14] (Smart Link) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
S3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [10088 2012-07-04] (TuneUp Software)
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32128 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\WINDOWS\System32\DRIVERS\usbohci.sys [17152 2008-04-14] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
S3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 13:13 - 2014-09-10 23:15 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-09 13:13 - 2014-09-10 22:55 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-06 14:52 - 2014-09-06 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-09-06 14:51 - 2014-09-06 14:51 - 00013374 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-06 14:51 - 2014-09-06 14:51 - 00011938 _____ () C:\WINDOWS\KB2834886.log
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-09-06 14:50 - 2014-09-06 14:51 - 00011722 _____ () C:\WINDOWS\KB2900986.log
2014-09-06 14:50 - 2014-09-06 14:50 - 00018302 _____ () C:\WINDOWS\KB2862335.log
2014-09-06 14:50 - 2014-09-06 14:50 - 00011111 _____ () C:\WINDOWS\KB2904266.log
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-09-06 14:48 - 2014-09-06 14:48 - 00019273 _____ () C:\WINDOWS\KB2868038.log
2014-09-06 14:48 - 2014-09-06 14:48 - 00010021 _____ () C:\WINDOWS\KB2803821-v2.log
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-09-06 14:47 - 2014-09-06 14:47 - 00008525 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-09-06 14:47 - 2014-09-06 14:47 - 00008329 _____ () C:\WINDOWS\KB2934207.log
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-09-06 14:46 - 2014-09-06 14:47 - 00010953 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-06 14:46 - 2014-09-06 14:46 - 00004585 _____ () C:\WINDOWS\KB2914368.log
2014-09-06 14:46 - 2014-09-06 14:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-09-06 13:54 - 2014-09-06 14:51 - 00017291 _____ () C:\WINDOWS\KB2922229.log
2014-09-06 13:53 - 2014-09-06 14:52 - 00018077 _____ () C:\WINDOWS\KB2868626.log
2014-09-06 13:53 - 2014-09-06 14:51 - 00017079 _____ () C:\WINDOWS\KB2916036.log
2014-09-06 13:52 - 2014-09-06 14:50 - 00016518 _____ () C:\WINDOWS\KB2898715.log
2014-09-06 13:52 - 2014-09-06 14:50 - 00016245 _____ () C:\WINDOWS\KB2847311.log
2014-09-06 13:51 - 2014-09-06 14:50 - 00015528 _____ () C:\WINDOWS\KB2876217.log
2014-09-06 13:51 - 2014-09-06 14:50 - 00015206 _____ () C:\WINDOWS\KB2929961.log
2014-09-06 13:51 - 2014-09-06 14:49 - 00015621 _____ () C:\WINDOWS\KB2930275.log
2014-09-06 13:51 - 2014-09-06 14:49 - 00014646 _____ () C:\WINDOWS\KB2862152.log
2014-09-06 13:51 - 2014-09-06 14:49 - 00014341 _____ () C:\WINDOWS\KB2864063.log
2014-09-06 13:51 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-09-06 13:51 - 2013-07-03 02:59 - 00014976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2014-09-06 13:50 - 2014-09-06 14:49 - 00014137 _____ () C:\WINDOWS\KB2876331.log
2014-09-06 13:50 - 2014-09-06 14:49 - 00013825 _____ () C:\WINDOWS\KB2850869.log
2014-09-06 13:50 - 2014-09-06 14:48 - 00015944 _____ () C:\WINDOWS\KB2820917.log
2014-09-06 13:50 - 2014-09-06 14:48 - 00015523 _____ () C:\WINDOWS\KB2859537.log
2014-09-06 13:49 - 2014-09-06 14:48 - 00012951 _____ () C:\WINDOWS\KB2893294.log
2014-09-06 13:49 - 2014-09-06 14:47 - 00017126 _____ () C:\WINDOWS\KB2813345.log
2014-09-06 13:49 - 2014-09-06 14:47 - 00012445 _____ () C:\WINDOWS\KB2892075.log
2014-09-06 13:49 - 2014-02-26 02:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-09-06 13:49 - 2014-02-26 02:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-09-06 13:49 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2014-09-06 13:49 - 2013-08-09 01:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-09-06 13:49 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2014-08-25 23:03 - 2014-09-10 23:17 - 00000000 ___DC () C:\FRST
2014-08-23 10:13 - 2014-08-23 10:45 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 10:13 - 2014-08-23 10:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 10:09 - 2014-08-23 10:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 10:08 - 2014-08-23 10:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 10:06 - 2014-08-23 10:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 10:06 - 2014-08-23 10:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-13 19:10 - 2014-08-13 19:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 23:17 - 2014-08-25 23:03 - 00000000 ___DC () C:\FRST
2014-09-10 23:17 - 2011-07-22 13:15 - 00000000 ____D () C:\Documents and Settings\Piscator\Local Settings\Temp
2014-09-10 23:17 - 2011-07-22 13:06 - 02004655 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-10 23:15 - 2014-09-09 13:13 - 00000228 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-10 23:15 - 2012-02-18 11:55 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-09-10 23:15 - 2012-02-18 11:33 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{1ACE3675-AEA8-421E-868D-85C0BB2FD7AB}
2014-09-10 23:15 - 2011-07-22 13:57 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-10 23:15 - 2011-07-22 13:57 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-09-10 23:15 - 2011-07-22 13:12 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-10 23:15 - 2003-03-31 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-10 23:14 - 2011-07-22 13:53 - 00225616 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-10 23:13 - 2013-03-12 14:16 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-09-10 23:13 - 2011-07-22 13:15 - 00000178 ___SH () C:\Documents and Settings\Piscator\ntuser.ini
2014-09-10 23:13 - 2011-07-22 13:12 - 00032656 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-10 23:12 - 2014-04-30 21:26 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Temp
2014-09-10 23:00 - 2011-07-22 13:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-09-10 22:55 - 2014-09-09 13:13 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-09-09 14:04 - 2011-07-22 13:15 - 00000000 ____D () C:\Documents and Settings\Piscator
2014-09-06 14:52 - 2014-09-06 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2014-09-06 14:52 - 2014-09-06 13:53 - 00018077 _____ () C:\WINDOWS\KB2868626.log
2014-09-06 14:52 - 2011-07-23 10:56 - 00082549 _____ () C:\WINDOWS\updspapi.log
2014-09-06 14:52 - 2011-07-22 13:55 - 00476049 _____ () C:\WINDOWS\tsoc.log
2014-09-06 14:52 - 2011-07-22 13:55 - 00255330 _____ () C:\WINDOWS\ntdtcsetup.log
2014-09-06 14:52 - 2011-07-22 13:55 - 00068601 _____ () C:\WINDOWS\ocmsn.log
2014-09-06 14:52 - 2011-07-22 13:55 - 00062053 _____ () C:\WINDOWS\msgsocm.log
2014-09-06 14:52 - 2011-07-22 13:55 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-09-06 14:52 - 2011-07-22 13:54 - 01238936 _____ () C:\WINDOWS\FaxSetup.log
2014-09-06 14:52 - 2011-07-22 13:54 - 00704668 _____ () C:\WINDOWS\setupapi.log
2014-09-06 14:52 - 2011-07-22 13:54 - 00600013 _____ () C:\WINDOWS\ocgen.log
2014-09-06 14:52 - 2011-07-22 13:54 - 00423319 _____ () C:\WINDOWS\comsetup.log
2014-09-06 14:52 - 2011-07-22 13:54 - 00195750 _____ () C:\WINDOWS\iis6.log
2014-09-06 14:51 - 2014-09-06 14:51 - 00013374 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-09-06 14:51 - 2014-09-06 14:51 - 00011938 _____ () C:\WINDOWS\KB2834886.log
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2916036$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2014-09-06 14:51 - 2014-09-06 14:51 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2014-09-06 14:51 - 2014-09-06 14:50 - 00011722 _____ () C:\WINDOWS\KB2900986.log
2014-09-06 14:51 - 2014-09-06 13:54 - 00017291 _____ () C:\WINDOWS\KB2922229.log
2014-09-06 14:51 - 2014-09-06 13:53 - 00017079 _____ () C:\WINDOWS\KB2916036.log
2014-09-06 14:51 - 2011-07-23 11:27 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-09-06 14:51 - 2011-07-22 13:55 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-09-06 14:50 - 2014-09-06 14:50 - 00018302 _____ () C:\WINDOWS\KB2862335.log
2014-09-06 14:50 - 2014-09-06 14:50 - 00011111 _____ () C:\WINDOWS\KB2904266.log
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2014-09-06 14:50 - 2014-09-06 14:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2014-09-06 14:50 - 2014-09-06 13:52 - 00016518 _____ () C:\WINDOWS\KB2898715.log
2014-09-06 14:50 - 2014-09-06 13:52 - 00016245 _____ () C:\WINDOWS\KB2847311.log
2014-09-06 14:50 - 2014-09-06 13:51 - 00015528 _____ () C:\WINDOWS\KB2876217.log
2014-09-06 14:50 - 2014-09-06 13:51 - 00015206 _____ () C:\WINDOWS\KB2929961.log
2014-09-06 14:50 - 2011-07-23 11:09 - 00026484 _____ () C:\WINDOWS\system32\TZLog.log
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876331$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2014-09-06 14:49 - 2014-09-06 14:49 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2850869$
2014-09-06 14:49 - 2014-09-06 13:51 - 00015621 _____ () C:\WINDOWS\KB2930275.log
2014-09-06 14:49 - 2014-09-06 13:51 - 00014646 _____ () C:\WINDOWS\KB2862152.log
2014-09-06 14:49 - 2014-09-06 13:51 - 00014341 _____ () C:\WINDOWS\KB2864063.log
2014-09-06 14:49 - 2014-09-06 13:50 - 00014137 _____ () C:\WINDOWS\KB2876331.log
2014-09-06 14:49 - 2014-09-06 13:50 - 00013825 _____ () C:\WINDOWS\KB2850869.log
2014-09-06 14:48 - 2014-09-06 14:48 - 00019273 _____ () C:\WINDOWS\KB2868038.log
2014-09-06 14:48 - 2014-09-06 14:48 - 00010021 _____ () C:\WINDOWS\KB2803821-v2.log
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2014-09-06 14:48 - 2014-09-06 14:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2014-09-06 14:48 - 2014-09-06 13:50 - 00015944 _____ () C:\WINDOWS\KB2820917.log
2014-09-06 14:48 - 2014-09-06 13:50 - 00015523 _____ () C:\WINDOWS\KB2859537.log
2014-09-06 14:48 - 2014-09-06 13:49 - 00012951 _____ () C:\WINDOWS\KB2893294.log
2014-09-06 14:47 - 2014-09-06 14:47 - 00008525 _____ () C:\WINDOWS\KB2909210-IE8.log
2014-09-06 14:47 - 2014-09-06 14:47 - 00008329 _____ () C:\WINDOWS\KB2934207.log
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2014-09-06 14:47 - 2014-09-06 14:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2813345$
2014-09-06 14:47 - 2014-09-06 14:46 - 00010953 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-09-06 14:47 - 2014-09-06 13:49 - 00017126 _____ () C:\WINDOWS\KB2813345.log
2014-09-06 14:47 - 2014-09-06 13:49 - 00012445 _____ () C:\WINDOWS\KB2892075.log
2014-09-06 14:46 - 2014-09-06 14:46 - 00004585 _____ () C:\WINDOWS\KB2914368.log
2014-09-06 14:46 - 2014-09-06 14:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2014-09-06 13:50 - 2011-07-23 10:33 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-09-04 18:25 - 2014-04-30 21:26 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER
2014-08-23 11:01 - 2014-07-16 19:40 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-23 10:45 - 2014-08-23 10:13 - 00003003 ____C () C:\Documents and Settings\Administrator.PETER\avgrep.txt
2014-08-23 10:13 - 2014-08-23 10:13 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Application Data\AVG2014
2014-08-23 10:13 - 2014-08-23 10:08 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg2014
2014-08-23 10:09 - 2014-08-23 10:09 - 00000000 ___DC () C:\Documents and Settings\Administrator.PETER\Local Settings\Application Data\Avg
2014-08-23 10:06 - 2014-08-23 10:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\PrivacIE
2014-08-23 10:06 - 2014-08-23 10:06 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IECompatCache
2014-08-13 19:10 - 2014-08-13 19:10 - 00000000 _SHDC () C:\Documents and Settings\Administrator.PETER\IETldCache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


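The question that opened the thread, which of these lines belong in fixlist.txt, is ultimately the helper's call, but the first triage pass over an FRST log can be mechanised. The script below is an added example written for this page; it is not FRST's code and not anything the poster or the helpers put in the thread. Its input is a handful of lines copied from the FRST log and the Addition log above (constructed sample; the "Services (Whitelisted)" section header is FRST's standard one and is assumed here because the excerpt starts below it). It sorts out what FRST itself marks as worth a look: services and drivers with `[X]` (registered, file missing) or `No ImagePath`, unsigned drivers from a non-Microsoft or blank vendor, `<==== ATTENTION` entries, and any file that does not pass the Bamital & volsnap check. It drafts fixlist lines only for the orphaned entries, since those are registry entries with no file behind them, and keeps everything else for a human, following FRST's own section notes that flagged Installed Programs are uninstalled manually and that a failed Bamital/volsnap check has no automatic fix.

```python
"""Triage an FRST log: pull out the lines a helper normally looks at first.

Added example for this thread, not part of FRST and not the poster's code.
It does not decide what is malware; it sorts log lines into buckets so a
reviewer can build fixlist.txt deliberately rather than by guesswork.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST and Addition logs posted in
# this thread. The "Services (Whitelisted)" header is FRST's standard one and
# is assumed here because the quoted excerpt begins below it.
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ===================

R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ANPD; C:\WINDOWS\system32\ANPD.sys [29411 2012-02-18] () [File not signed]
R3 RT80x86; C:\WINDOWS\System32\DRIVERS\DRT2860.sys [2240064 2011-04-15] (Ralink Technology, Corp.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== Installed Programs ======================

Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Search-Results Toolbar (HKLM\...\ilividtoolbarguid) (Version: 1.0.0.12 - APN LLC) <==== ATTENTION
SpeedyPC Pro (HKLM\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.1.3.0 - SpeedyPC Software, Inc.) <==== ATTENTION

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.*)$")   # start type, name, rest
VENDOR_RE = re.compile(r"\(([^()]*)\)\s*(?:\[File not signed\])?$")
ATTENTION = "<==== ATTENTION"


@dataclass(frozen=True)
class Finding:
    section: str
    category: str   # "orphan", "unsigned", "attention" or "md5"
    note: str
    line: str       # the log line verbatim, which is what fixlist.txt expects


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect the lines worth a look."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("("):            # FRST's per-section explanatory note
            continue
        sec = section.lower()
        if line.endswith(ATTENTION):        # FRST flagged it, in whatever section
            findings.append(Finding(section, "attention", "flagged by FRST itself", line))
            continue
        if sec.startswith(("services", "drivers")):
            m = ENTRY_RE.match(line)
            if not m:
                continue
            kind = "service" if sec.startswith("services") else "driver"
            rest = m.group(3)
            if rest == "No ImagePath":
                findings.append(Finding(section, "orphan", f"{kind} entry has no ImagePath", line))
            elif rest.endswith("[X]"):
                findings.append(Finding(section, "orphan", f"{kind} is registered but its file is missing", line))
            elif kind == "driver" and rest.endswith("[File not signed]"):
                vm = VENDOR_RE.search(rest)
                vendor = vm.group(1).strip() if vm else ""
                # On this XP log every Microsoft file shows [File not signed], so the
                # flag only says something for non-Microsoft or blank vendor names.
                if "microsoft" not in vendor.lower():
                    vendor_label = vendor or "(blank)"
                    findings.append(Finding(section, "unsigned", f"unsigned driver, vendor {vendor_label!r}", line))
        elif sec.startswith("bamital"):
            if " => " in line and not line.endswith("MD5 is legit"):
                findings.append(Finding(section, "md5", "core file failed verification; FRST has no automatic fix", line))
    return findings


def draft_fixlist(findings: list[Finding]) -> list[str]:
    """Lines a reviewer could paste verbatim into fixlist.txt.

    Only orphans (file missing / no ImagePath) are drafted: FRST removes the
    registry entry and there is no file to lose. Everything else stays in the
    findings list for a human decision.
    """
    return [f.line for f in findings if f.category == "orphan"]


def manual_actions(findings: list[Finding]) -> list[str]:
    """Findings fixlist.txt cannot handle, per FRST's own section notes: flagged
    Installed Programs are uninstalled manually, and a failed Bamital/volsnap
    check has no automatic fix."""
    return [f.line for f in findings
            if f.category == "md5"
            or (f.category == "attention" and f.section.lower().startswith("installed programs"))]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category:9}] {f.section}: {f.note}\n    {f.line}")
    print("\n--- draft fixlist.txt (review before running Fix) ---")
    print("\n".join(draft_fixlist(found)))
    print("\n--- needs manual action ---")
    print("\n".join(manual_actions(found)))
```

Run it as-is to see the report for the sample, or pass the text of a real FRST.txt or Addition.txt to `triage()`. The draft list is something to show a helper, not something to run blind: the two `[X]` Google Update services are harmless leftovers either way, while the blank-vendor ANPD.sys driver carries the same 2012-02-18 date as the ANIWZCS files listed under system32 in the log above, which is exactly the kind of coincidence a human checks against the installed D-Link software before touching the entry.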

#15 jamesfo (Topic Starter, New Member, 9 posts)

Here is the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-09-2014
Ran by Piscator at 2014-09-10 23:18:22
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.0.289 - AVG Technologies)
AVG 2013 (Version: 13.0.3658 - AVG Technologies) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM\...\AVG PC TuneUp) (Version: 12.0.4000.108 - AVG Technologies)
AVG PC TuneUp (Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4000.108 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.229 - AVG Technologies) Hidden
AVG Zen (Version: 1.0.289 - AVG Technologies) Hidden
D-Link DWA-525 (HKLM\...\{1DEB8A37-56C9-4E41-9102-171D8EC91DF0}) (Version:  - D-Link)
FMW 1 (Version: 1.0.218 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
KODAK DC240/DC280 Software (HKLM\...\KODAK DC240_DC280) (Version:  - )
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
PC TuneUp Maestro (HKLM\...\PC TuneUp Maestro) (Version: 2.8.3.91 - CompuClever Systems Inc.)
Search-Results Toolbar (HKLM\...\ilividtoolbarguid) (Version: 1.0.0.12 - APN LLC) <==== ATTENTION
SpeedyPC Pro (HKLM\...\{604CD5A1-4520-4844-B064-A3D884B77E91}) (Version: 3.1.3.0 - SpeedyPC Software, Inc.) <==== ATTENTION
ThumbsPlus version 4.10-R (HKLM\...\ThumbsPlus4) (Version:  - )
Update for Windows Internet Explorer 8 (KB2447568) (HKLM\...\KB2447568-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (HKLM\...\KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-03-31 13:00 - 2014-09-10 23:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2003-03-31 13:00 - 2003-03-31 13:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2012-02-18 11:22 - 2012-02-18 11:22 - 00315392 _____ () C:\WINDOWS\system32\ANPDApi.dll
2012-02-18 11:21 - 2010-05-13 11:58 - 00294912 _____ () C:\Program Files\D-Link\DWA-525 revA\WlanApp.dll
2014-05-14 19:55 - 2014-05-14 19:55 - 31842816 _____ () C:\Program Files\AVG\Framework\Common\libcef.dll
2012-02-18 11:21 - 2010-07-12 15:39 - 00053248 _____ () C:\Program Files\D-Link\DWA-525 revA\ANIWConnService.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2014 11:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 10.9.2014.0, faulting module frst.exe, version 10.9.2014.0, fault address 0x0001f3d4.
Processing media-specific event for [frst.exe!ws!]

Error: (09/10/2014 10:57:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 10.9.2014.0, faulting module frst.exe, version 10.9.2014.0, fault address 0x0001f3f6.
Processing media-specific event for [frst.exe!ws!]

Error: (09/06/2014 02:18:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/06/2014 02:18:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/23/2014 10:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/23/2014 10:04:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 1.0.0.532, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [mbam.exe!ws!]

Error: (08/20/2014 01:14:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2014 00:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/16/2014 11:56:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/08/2014 11:26:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (09/10/2014 11:28:48 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:28:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:27:48 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:27:18 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:26:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:26:18 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:25:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:25:18 PM) (Source: DCOM) (EventID: 10010) (User: PETER)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error: (09/10/2014 11:25:12 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (09/10/2014 11:25:05 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Microsoft Office Sessions:
=========================
Error: (09/10/2014 11:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe10.9.2014.0frst.exe10.9.2014.00001f3d4

Error: (09/10/2014 10:57:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: frst.exe10.9.2014.0frst.exe10.9.2014.00001f3f6

Error: (09/06/2014 02:18:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (09/06/2014 02:18:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/23/2014 10:08:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd

Error: (08/23/2014 10:04:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.532msvcr100.dll10.0.40219.3250008d6fd

Error: (08/20/2014 01:14:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/16/2014 00:05:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/16/2014 11:56:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (07/08/2014 11:26:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 2.53GHz
Percentage of memory in use: 57%
Total physical RAM: 767.48 MB
Available physical RAM: 327.12 MB
Total Pagefile: 1877.79 MB
Available Pagefile: 1442.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.73 MB

==================== Drives ================================

