
Virus



#1
Nately


    New Member

  • Member
  • 8 posts

Can anyone help with removing the adns.com virus from my PC? I have Windows XP 2000 and it is appearing when I use AOL as my browser. It appears as a blank white window and keeps popping up. I have used Norton and AdwCleaner to no avail. Any help would be appreciated. Thank you.





#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello Nately,

Sorry for the delay.

Pretty old computer you have there. Not many of our tools will work efficiently with Windows 2000.

Let's see if this tool will allow us to help you.

Firstly though:

Download Peazip to the desktop  
Run and install the programme
As it installs this page will show, deselect the AVG ticks

 

peazip.jpg


Press decline and it will then install cleanly.

Next 

Please download the attached file and save to your desktop.

Right click on the zip file HJTInstall.zip and in the drop down click on Peazip > Extract here (in new folder).

A new folder HJTInstall will open on your desktop.
 

  • Open the folder and double click HJTInstall.exe.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

 



#3
Nately


    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank You - Attached;
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:27, on 11/09/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\AOL\1348676577\ee\AOLSoftware.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\System32\BrmfBAgS.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\PeaZip\PEAZIP.EXE
C:\Documents and Settings\Raymond Sleet\My Documents\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.ya...278&fr=sp_tr_ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts file is located at: C:\WINDOWS\help\hosts
O2 - BHO: (no name) - {210A34B7-A8CB-4A43-8392-7EBCF86276B6} - (no file)
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AOL Broadband Toolbar Loader - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AOL Broadband Toolbar - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1348676577\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\System32\BrmfBAgS.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 
--
End of file - 10086 bytes


#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hi Nately,

 

From your opening statement I thought you had Win 2000 but I see you have XP with SP3. My mistake.

 

We want a tool better for XP.

 

Please download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. In your case it will be the 32-Bit version.
 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 

 

 



#5
Nately


    New Member

  • Topic Starter
  • Member
  • 8 posts

Thank You - Attached as Requested;

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Raymond Sleet (administrator) on GLOBAL on 12-09-2014 09:41:16
Running from C:\Documents and Settings\Raymond Sleet\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Easy Systems Japan Ltd.) C:\WINDOWS\system32\ezSP_Px.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Lucent Technologies) C:\WINDOWS\LTSMMSG.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AOL LLC) C:\Program Files\Common Files\AOL\1348676577\ee\aolsoftware.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Acresso Corporation) C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Brother Industries, Ltd.) C:\WINDOWS\system32\BrmfBAgS.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Google Inc.) C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AOL Inc.) C:\Program Files\AOL 9.1\waol.exe
(Google Inc.) C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(AOL LLC) C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files\AOL 9.1\shellmon.exe
(Farbar) C:\Documents and Settings\Raymond Sleet\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
HKLM\...\Run: [ezShieldProtector for Px] => C:\WINDOWS\System32\ezSP_Px.exe [40960 2002-07-03] (Easy Systems Japan Ltd.)
HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [311350 2000-07-13] (Microsoft® Corporation)
HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Microsoft Works\WkDetect.exe [28739 2000-07-13] (Microsoft® Corporation)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2004-07-28] (RealNetworks, Inc.)
HKLM\...\Run: [LTSMMSG] => C:\WINDOWS\LTSMMSG.exe [32768 2002-08-02] (Lucent Technologies)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1348676577\ee\AOLSoftware.exe [42032 2007-05-25] (AOL LLC)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse]  <==== ATTENTION!
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-809299238-4212676017-31143968-1005\...\Run: [Google Update] => C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2010-09-04] (Google Inc.)
HKU\S-1-5-21-809299238-4212676017-31143968-1005\...\Run: [ISUSPM] => C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk
ShortcutTarget: VAIO Action Setup (Server).lnk -> C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
BootExecute: autocheck autochk * SsiEfr.eC:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.search.ya...278&fr=sp_tr_ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=OIE8HP&PC=UP62
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP62
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
URLSearchHook: HKLM - AOL Broadband Toolbar Search Class - {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
SearchScopes: HKCU - DefaultScope {A06F5ED7-4B90-4E62-9AD7-09DE472E063F} URL = https://uk.search.ya...p={searchTerms}
SearchScopes: HKCU - {A06F5ED7-4B90-4E62-9AD7-09DE472E063F} URL = https://uk.search.ya...p={searchTerms}
BHO: No Name -> {210A34B7-A8CB-4A43-8392-7EBCF86276B6} ->  No File
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Broadband Toolbar Loader -> {776a9d06-e178-4aa0-aee4-b4de3a64ad28} -> C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Broadband Toolbar - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files\AOL Broadband Toolbar\aolbbtb.dll (AOL LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.m...ash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default
FF Homepage: hxxp://www.aol.co.uk
FF Homepage: hxxp://www.aol.co.uk
FF NetworkProxy: "no_proxies_on", "localhost"
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: [email protected]/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\searchplugins\yahoo_ff.xml
FF Extension: Amazon Shopping Assistant by Spigot - C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\Extensions\[email protected] [2014-08-05]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\Extensions\[email protected] [2014-08-05]
FF Extension: Slick Savings - C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\Extensions\[email protected] [2014-08-05]
FF Extension: AOL Broadband Toolbar - C:\Documents and Settings\Raymond Sleet\Application Data\Mozilla\Firefox\Profiles\nvv1uinz.default\Extensions\{796503e4-19fe-48a3-82da-5c1fe0a13e3f} [2011-10-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-19]
CHR HKLM\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\Documents and Settings\All Users\Application Data\adawaretb\shortcuts\chrome\adawaretb.crx []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-10] (Adobe Systems Incorporated) [File not signed]
R3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 brmfbags; C:\WINDOWS\System32\BrmfBAgS.exe [53248 2004-09-10] (Brother Industries, Ltd.) [File not signed]
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-17] (Oracle Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [65536 2002-07-12] (Sony Corporation) [File not signed]
S2 AOLService; No ImagePath
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2004-07-28] (Windows ® 2000 DDK provider) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [191256 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 brparimg; C:\WINDOWS\System32\DRIVERS\BrParImg.sys [3168 2001-08-17] (Brother Industries Ltd.)
S3 BrParWdm; C:\WINDOWS\System32\Drivers\BrParwdm.sys [39552 2001-08-17] (Brother Industries Ltd.)
R3 BrScnUsb; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 BrSerIf; C:\WINDOWS\System32\Drivers\BrSerIf.sys [51712 2004-09-29] (Brother Industries Ltd.) [File not signed]
S3 BrSerWDM; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [61440 2004-11-23] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [11648 2004-01-10] (Brother Industries Ltd.) [File not signed]
R0 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-04-11] (GFI Software)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-08-12] (Lavasoft AB)
R3 LucentSoftModem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [816043 2002-08-02] (Lucent Technologies)
R2 MaVctrl; C:\WINDOWS\System32\DRIVERS\MaVc2K.sys [11089 2004-08-23] (Mobile Action Technology Inc.) [File not signed]
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R3 MxlW2k; C:\WINDOWS\system32\Drivers\MxlW2k.sys [28352 2006-12-29] (MusicMatch, Inc.) [File not signed]
R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [13184 2002-07-22] (NVIDIA Corporation)
R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [209280 2002-07-22] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [13342 2002-02-06] (NVIDIA Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [36560 2006-09-27] (Sonic Solutions) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45568 2002-06-13] (Realtek Semiconductor Corporation)
R3 SONYWBMS; C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS [31586 2002-07-03] (Sony Corporation)
S3 SWDUMon; C:\WINDOWS\System32\DRIVERS\SWDUMon.sys [13464 2014-04-19] ()
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [58224 2002-02-26] (Symantec Corporation) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22608 2001-08-09] (America Online, Inc.)
S2 ADILOADER; No ImagePath
S3 adiusbaw; No ImagePath
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 PPPoEWin; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 08:05 - 2014-09-12 09:41 - 00000000 ____D () C:\FRST
2014-09-11 17:11 - 2014-09-11 17:11 - 00013824 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Untitled Document.wps
2014-09-11 17:01 - 2014-09-11 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2014-09-11 16:35 - 2014-09-11 16:35 - 00000000 ____D () C:\Program Files\PeaZip
2014-09-11 16:35 - 2014-09-11 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PeaZip
2014-09-11 15:35 - 2014-09-11 15:35 - 00010752 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 11.09.14.wps
2014-09-11 14:25 - 2014-09-11 14:28 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\PeaZip
2014-09-11 09:34 - 2014-09-11 09:34 - 00010752 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\RBS Spam.wps
2014-09-09 11:24 - 2014-09-09 11:24 - 00012288 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Coin List For.wps
2014-09-05 11:20 - 2014-09-05 11:48 - 00013824 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 05.09.14.wps
2014-09-01 17:21 - 2014-09-01 17:21 - 00010240 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Window Showrooms.wps
2014-08-27 09:20 - 2014-08-27 09:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
2014-08-25 19:23 - 2014-08-26 15:40 - 00030720 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 26.08.14.wps
2014-08-25 09:14 - 2014-08-25 09:14 - 00020992 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Ruggie.wps
2014-08-21 19:59 - 2014-08-27 18:07 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-20 11:31 - 2014-08-20 11:31 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\My Documents\Turbo Lister
2014-08-19 20:04 - 2014-08-19 20:04 - 00014336 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 19.08.14.wps
2014-08-17 18:40 - 2014-08-17 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0614a
2014-08-16 10:42 - 2014-08-16 10:42 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\AVG2014
2014-08-16 10:38 - 2014-08-29 20:52 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-16 10:38 - 2014-08-29 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-16 10:38 - 2014-08-16 10:38 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\TuneUp Software
2014-08-16 10:36 - 2014-08-16 10:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-16 10:36 - 2014-08-16 10:36 - 00000000 ___HD () C:\$AVG
2014-08-16 10:35 - 2014-08-16 10:35 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 10:29 - 2014-08-16 11:39 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Avg2014
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 09:43 - 2010-12-29 16:59 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Local Settings\Temp
2014-09-12 09:41 - 2014-09-12 08:05 - 00000000 ____D () C:\FRST
2014-09-12 09:39 - 2002-08-20 12:30 - 00000887 _____ () C:\WINDOWS\win.ini
2014-09-12 08:53 - 2010-09-04 10:47 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809299238-4212676017-31143968-1005UA.job
2014-09-12 08:45 - 2014-02-16 16:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-12 08:31 - 2012-11-16 18:15 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 07:37 - 2004-08-15 09:27 - 01717914 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-12 07:34 - 2002-08-20 20:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-12 07:21 - 2013-07-14 08:51 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-09-12 07:13 - 2013-11-16 18:51 - 00000428 _____ () C:\WINDOWS\Tasks\Symantec NetDetect.job
2014-09-12 07:12 - 2002-08-20 13:36 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-09-12 07:12 - 2002-08-20 13:36 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-09-12 07:11 - 2014-03-22 08:18 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-09-12 07:11 - 2012-11-16 18:15 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 07:11 - 2002-08-20 20:41 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-11 20:12 - 2002-08-20 20:43 - 00032402 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-11 20:11 - 2003-04-14 12:42 - 00000278 __SHC () C:\Documents and Settings\Raymond Sleet\ntuser.ini
2014-09-11 17:11 - 2014-09-11 17:11 - 00013824 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Untitled Document.wps
2014-09-11 17:01 - 2014-09-11 17:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
2014-09-11 16:35 - 2014-09-11 16:35 - 00000000 ____D () C:\Program Files\PeaZip
2014-09-11 16:35 - 2014-09-11 16:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\PeaZip
2014-09-11 15:53 - 2010-09-04 10:47 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-809299238-4212676017-31143968-1005Core.job
2014-09-11 15:35 - 2014-09-11 15:35 - 00010752 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 11.09.14.wps
2014-09-11 14:28 - 2014-09-11 14:25 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\PeaZip
2014-09-11 09:34 - 2014-09-11 09:34 - 00010752 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\RBS Spam.wps
2014-09-10 20:56 - 2013-08-14 20:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 20:38 - 2006-02-08 09:56 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 19:00 - 2014-02-21 10:11 - 00027648 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Invoice Russia. 2014.wps
2014-09-10 09:17 - 2003-04-14 12:42 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet
2014-09-10 08:46 - 2012-11-16 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-10 08:46 - 2012-11-16 18:15 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-09 14:38 - 2002-08-20 12:30 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-09 11:24 - 2014-09-09 11:24 - 00012288 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Coin List For.wps
2014-09-06 20:05 - 2014-06-18 07:28 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\My Documents\5. Netherlands - Berlin - October
2014-09-06 19:54 - 2003-12-19 20:49 - 00000754 ____C () C:\WINDOWS\WORDPAD.INI
2014-09-05 11:48 - 2014-09-05 11:20 - 00013824 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 05.09.14.wps
2014-09-01 17:29 - 2009-05-28 08:57 - 00000486 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-09-01 17:21 - 2014-09-01 17:21 - 00010240 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Window Showrooms.wps
2014-09-01 12:02 - 2003-09-04 21:57 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-31 19:05 - 2004-12-23 15:45 - 00000000 ____D () C:\Program Files\Common Files\AOL
2014-08-31 14:46 - 2013-08-09 18:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-08-30 16:03 - 2014-08-05 12:08 - 00000000 ____D () C:\AdwCleaner
2014-08-29 20:52 - 2014-08-16 10:38 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-08-29 20:52 - 2014-08-16 10:38 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-08-27 18:26 - 2002-08-20 13:34 - 00510968 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-27 18:07 - 2014-08-21 19:59 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-27 18:06 - 2002-08-21 10:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-27 09:20 - 2014-08-27 09:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0814av
2014-08-26 15:40 - 2014-08-25 19:23 - 00030720 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 26.08.14.wps
2014-08-25 11:05 - 2014-06-23 08:04 - 00015872 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Gold & Silver in Stock.xlr
2014-08-25 09:14 - 2014-08-25 09:14 - 00020992 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Ruggie.wps
2014-08-21 19:58 - 2007-03-04 11:41 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-08-21 19:58 - 2002-08-21 10:58 - 00000000 ____D () C:\Program Files\Adobe
2014-08-21 19:57 - 2006-08-21 12:10 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Adobe
2014-08-20 11:31 - 2014-08-20 11:31 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\My Documents\Turbo Lister
2014-08-19 20:04 - 2014-08-19 20:04 - 00014336 _____ () C:\Documents and Settings\Raymond Sleet\My Documents\Tesco 19.08.14.wps
2014-08-17 18:40 - 2014-08-17 18:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_0614a
2014-08-16 20:06 - 2007-03-04 11:45 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-08-16 11:39 - 2014-08-16 10:29 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Local Settings\Application Data\Avg2014
2014-08-16 11:32 - 2007-03-04 11:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Symantec
2014-08-16 10:42 - 2014-08-16 10:42 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\AVG2014
2014-08-16 10:40 - 2014-08-16 10:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-08-16 10:38 - 2014-08-16 10:38 - 00000000 ____D () C:\Documents and Settings\Raymond Sleet\Application Data\TuneUp Software
2014-08-16 10:36 - 2014-08-16 10:36 - 00000000 ___HD () C:\$AVG
2014-08-16 10:35 - 2014-08-16 10:35 - 00000000 ____D () C:\Program Files\AVG
2014-08-14 07:31 - 2002-08-20 13:31 - 00000000 ____D () C:\WINDOWS\Help
 
Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\ginst_english.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GsiInst.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\GsiInst.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts

Hello Nately,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

So when you return please post

  • Fixlog.txt
  • JRT.txt
  • also try a search with AOL and tell me if the problem is still there

 

