Jump to content

Police virus (Ukash?) - removal help request


Recommended Posts

Dear Malwarebytes,

I've got an PC infection that takes over the desktop when starting the computer - Windows XP operating system.  I've searched and found that a start point to getting this solved is to get the Farbar recovery scan tool onto the desktop, run the scan and then to post the results of the scan.  I managed to get to the desktop eventually by trying various things - however the result is I've run FRST.exe from the desktop and the result was two text files FRST.txt and Addition.txt which I've posted the result of below.  

 

Can you help me with the next steps?

 

Regards,

Paul

 

Here is FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014
Ran by Paul (administrator) on HOMEDESKTOP on 12-04-2014 13:39:09
Running from C:\Documents and Settings\Paul\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] - C:\WINDOWS\system32\P17.dll [60928 2004-06-10] ()
HKLM\...\Run: [updReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2005-10-18] (RealNetworks, Inc.)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-05] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [wltray.exe] - C:\WINDOWS\system32\wltray.exe [696422 2005-01-29] (BT Voyager Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-21] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [FBackup Scheduler] - C:\Program Files\Softland\FBackup 4\fbaSched.exe [2532232 2012-09-12] (Softland)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
ShortcutTarget: vhh47tod.lnk -> C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]
 
========================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-13] (Oracle Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S2 winmgmt; C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp [186441 2014-04-11] (Microsoft Corporation)
S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] ()
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 bvrp_pci; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; 
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST
2014-04-12 13:38 - 2014-04-12 12:51 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
2014-04-12 13:38 - 2014-04-12 12:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
2014-04-11 16:07 - 2014-04-12 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-30 11:06 - 2014-03-30 11:08 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
 
==================== One Month Modified Files and Folders =======
 
2014-04-12 13:39 - 2014-04-12 13:39 - 00017439 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
2014-04-12 13:39 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST
2014-04-12 13:37 - 2004-08-10 13:02 - 01778330 ____H () C:\WINDOWS\WindowsUpdate.log
2014-04-12 13:32 - 2014-04-11 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-12 13:31 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-04-12 13:31 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-04-12 13:31 - 2013-12-07 11:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 13:31 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-12 13:31 - 2004-08-10 12:59 - 00000049 ____H () C:\WINDOWS\wiaservc.log
2014-04-12 13:23 - 2012-06-12 08:16 - 01262850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat
2014-04-12 13:23 - 2012-06-12 08:16 - 00303514 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-12 13:23 - 2004-08-10 13:08 - 00032590 ____H () C:\WINDOWS\SchedLgU.Txt
2014-04-12 13:21 - 2011-02-21 21:39 - 00000178 ___SH () C:\Documents and Settings\Paul\ntuser.ini
2014-04-12 12:56 - 2012-09-06 06:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 12:53 - 2013-11-29 07:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-12 12:51 - 2014-04-12 13:38 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
2014-04-12 12:49 - 2014-04-12 13:38 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
2014-04-12 12:04 - 2011-02-21 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-11 21:30 - 2013-11-21 08:20 - 00000494 _____ () C:\WINDOWS\Tasks\fba_Outlook Express Backup.job
2014-04-11 21:00 - 2013-11-21 08:19 - 00000478 _____ () C:\WINDOWS\Tasks\fba_General Backup.job
2014-04-11 14:34 - 2011-02-21 23:38 - 00000000 ____D () C:\Documents and Settings\Paul\Application Data\MailWasherFree
2014-04-10 23:43 - 2011-07-17 11:31 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-04-10 23:43 - 2011-02-21 21:39 - 00000000 ____D () C:\Documents and Settings\Paul
2014-04-10 23:32 - 2011-02-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Amanda\ntuser.ini
2014-04-06 22:42 - 2011-02-21 23:14 - 00000000 ____D () C:\Documents and Settings\Amanda
2014-04-05 13:43 - 2011-02-21 22:39 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\Paul's
2014-04-03 23:22 - 2011-02-21 23:43 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\General
2014-04-03 19:27 - 2011-02-21 23:49 - 00000178 ___SH () C:\Documents and Settings\Lydia\ntuser.ini
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-31 14:23 - 2013-09-27 15:29 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-03-30 11:08 - 2014-03-30 11:06 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-03-29 19:53 - 2004-08-10 12:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
2014-03-22 07:39 - 2004-08-10 13:01 - 00000000 ___HD () C:\WINDOWS\system32\FxsTmp
2014-03-21 00:30 - 2013-12-09 15:58 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-21 00:30 - 2013-12-09 15:58 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-21 00:30 - 2013-12-09 15:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-03-16 17:43 - 2012-02-07 20:40 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\My Scans
2014-03-15 12:03 - 2014-02-28 21:55 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\VW golf
 
Some content of TEMP:
====================
C:\Documents and Settings\Amanda\Local Settings\Temp\uninst.dll
C:\Documents and Settings\Paul\Local Settings\Temp\qhxib.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-04-2014
Ran by Paul at 2014-04-12 13:39:53
Running from C:\Documents and Settings\Paul\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.0.19530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AOL You've Got Pictures Screensaver (HKLM\...\AOL YGP Screensaver) (Version:  - )
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ARTEuro (HKLM\...\{1D3C662A-F6C6-4767-A788-7AA43A9A1317}) (Version: 1.00.0000 - Dell)
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5160 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.162-050803a2-025672C-Dell - )
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.0.5.292 - AVG Technologies)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
BT Voyager Wireless Utility (HKLM\...\{0FD0FF9D-C87C-47C4-AEC5-98C760E783E7}) (Version: 1.00.010 - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CoffeeCup Free FTP (HKLM\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.4.4 - CoffeeCup Software Inc.)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Copy (Version: 130.0.366.000 - Hewlett-Packard) Hidden
Creative MediaSource (HKLM\...\{56F3E1FF-54FE-4384-A153-6CCABA097814}) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Media Experience (HKLM\...\{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}) (Version: 3.00 - Dell)
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
Dell Support 5.0.0 (630) (HKLM\...\DellSupport) (Version:  - )
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DJ_AIO_06_F4500_SW_MIN (Version: 130.0.406.000 - Hewlett-Packard) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
F4500 (Version: 130.0.406.000 - Hewlett-Packard) Hidden
FBackup 4 (HKLM\...\FBackup 4_is1) (Version:  -  Softland)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 (HKLM\...\{7F08A772-2816-4F46-84F1-49578502AD28}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
hpPrintProjects (Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}) (Version: 9.20.0000 - Dell)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
iTunes (HKLM\...\{D6B5B017-7643-46A5-AC4D-E58A7B4798A0}) (Version: 10.3.0.54 - Apple Inc.)
Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.22 - Jasc Software, Inc.)
Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.01.0000 - Jasc Software Inc)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
Logitech SetPoint 6.20 (HKLM\...\sp6) (Version: 6.20.64 - Logitech)
MailWasher Free 6.5.2 (HKLM\...\MailWasher Free_is1) (Version:  - FireTrust Limited)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2416447) (HKLM\...\M2416447) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 14 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0620 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWay Search Assistant (HKLM\...\{E7559288-223B-453C-9F06-340E3BE21E39}) (Version: 1.0.1 - MyWay)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OLYMPUS Master 2 (HKLM\...\{45FCADDB-0B29-457E-83A1-D245C62A716C}) (Version: 1.0.6 - OLYMPUS IMAGING CORP.)
PowerDVD 5.5 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Rapport (Version: 3.5.1304.15 - Trusteer) Hidden
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version:  - )
Safari (HKLM\...\{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}) (Version: 5.33.18.5 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.2.12054_19 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.1 - Sonic Solutions)
Sonic RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.0 - Sonic Solutions)
Sonic RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Sound Blaster Live! 24-bit (HKLM\...\{CEB481CC-F57C-4397-81A0-DADD22257047}) (Version:  - )
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Tiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.25 - Tiscali)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TrueCrypt (HKLM\...\TrueCrypt) (Version: 6.1a - TrueCrypt Foundation)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1304.15 - Trusteer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
USB 2.0 Wireless LAN Card Utility (HKLM\...\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}) (Version: 8.1.20 - Dell Inc.)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wanadoo Europe Installer (HKLM\...\{B7AC5A96-C8BC-431C-B661-27A09781DFA8}) (Version: 1.02.008 - Wanadoo)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows PowerShell 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
2004-08-10 12:51 - 2013-11-11 22:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\WINDOWS\Tasks\fba_General Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\fba_Outlook Express Backup.job => C:\Program Files\Softland\FBackup 4\fbaSchedStarter.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-18 20:39 - 2013-10-18 20:39 - 01127152 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-05 20:53 - 2014-02-05 20:52 - 02606616 _____ () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-03-21 00:30 - 2014-03-21 00:30 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
2014-03-21 00:30 - 2014-03-21 00:30 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
2012-06-27 16:09 - 2012-06-27 16:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2014 10:40:23 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/11/2014 03:59:42 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/09/2014 04:58:07 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/07/2014 10:30:32 PM) (Source: Microsoft Office 14) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.
 
Error: (04/05/2014 04:08:48 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/05/2014 03:01:42 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/04/2014 03:10:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/03/2014 11:24:29 PM) (Source: Microsoft Office 14) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 14.0.4762.1000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.
 
Error: (04/03/2014 05:48:15 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (04/03/2014 05:46:46 PM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.
 
 
System errors:
=============
Error: (04/12/2014 01:46:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:45:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:45:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:44:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:44:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:43:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:43:20 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:42:50 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:42:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
Error: (04/12/2014 01:41:50 PM) (Source: DCOM) (User: HOMEDESKTOP)
Description: The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 2046.07 MB
Available physical RAM: 1473.24 MB
Total Pagefile: 3938.52 MB
Available Pagefile: 3439.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.07 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:229.76 GB) (Free:153.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive j: () (Removable) (Total:3.89 GB) (Free:2.45 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 5 (Size: 4 GB) (Disk ID: B193A6D3)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
 
 

 

Link to post
Share on other sites

Hello Malwarebytes,

I've made some progress with my problem.  I've run Malwarebytes Anti-Malware and got ride of a couple of threats.  On restart there is a .dll file error, but the PC starts without the lockout screen.  I've also run AVG to scan for viruses - nothing found.  I've run FRST.exe again and got one txt file - copied below.

 

Any advice you could offer would be gratefully received. 

 

Regards,

Paul

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-04-2014
Ran by Paul (administrator) on HOMEDESKTOP on 12-04-2014 23:31:24
Running from C:\Documents and Settings\Paul\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
(Conexant Systems, Inc.) C:\WINDOWS\system32\PRISMSVR.EXE
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(Creative Technology Ltd) C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\RealPlay.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(BT Voyager Corporation) C:\WINDOWS\system32\wltray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Gteko Ltd.) C:\Program Files\Dell Support\DSAgnt.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Softland) C:\Program Files\Softland\FBackup 4\fbaSched.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Dell Inc.) C:\Program Files\Dell Wireless\PRISMCFG.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-05] (ATI Technologies, Inc.)
HKLM\...\Run: [CTSysVol] - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe [57344 2003-09-17] (Creative Technology Ltd)
HKLM\...\Run: [P17Helper] - C:\WINDOWS\system32\P17.dll [60928 2004-06-10] ()
HKLM\...\Run: [updReg] - C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [RealTray] - C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2005-10-18] (RealNetworks, Inc.)
HKLM\...\Run: [DMXLauncher] - C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-27] ()
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [127035 2004-12-06] (Sonic Solutions)
HKLM\...\Run: [iSUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-29] (Logitech, Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [54672 2009-11-25] (OLYMPUS IMAGING CORP.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-05] (Apple Inc.)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521464 2012-05-29] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [wltray.exe] - C:\WINDOWS\system32\wltray.exe [696422 2005-01-29] (BT Voyager Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2544664 2014-03-21] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoSimpleStartMenu] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKLM\...\Policies\Explorer: [NoSetTaskBar] 0
HKLM\...\Policies\Explorer: [NoFileMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0x00000000
HKLM\...\Policies\Explorer: [MaxRecentDocs] 0
HKLM\...\Policies\Explorer: [NoNetConnectDisconnect] 0
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 0
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 0x00000000
HKLM\...\Policies\Explorer: [ClearRecentDocsOnExit] 0x00000000
HKLM\...\Policies\Explorer: [NoStartBanner] 0x00000000
HKLM\...\Policies\Explorer: [NoWinKey] 0
HKLM\...\Policies\Explorer: [NoNetConnextDisconnect] 0
HKLM\...\Policies\Explorer: [NoSMConfigurePrograms] 0
HKLM\...\Policies\Explorer: [NoControlPanle] 0
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
HKU\.DEFAULT\...\Policies\system: [NoAdminPage] 0
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [958392 2012-05-29] (Samsung)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-05-29] ()
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1007\...\Run: [FBackup Scheduler] - C:\Program Files\Softland\FBackup 4\fbaSched.exe [2532232 2012-09-12] (Softland)
HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Documents and Settings\Amanda\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=1f4a4ae2700047d68bc4d14acce4e9e6-61470c91c26475264c0397ea84a464d7cb6913ab /CMPID=1113a
HKU\S-1-5-21-1704726271-934105146-3214749785-1008\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1009\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [DellSupport] - C:\Program Files\Dell Support\DSAgnt.exe [306688 2004-07-19] (Gteko Ltd.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [OM2_Monitor] - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95632 2009-11-25] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-06] (Google Inc.)
HKU\S-1-5-21-1704726271-934105146-3214749785-1010\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe [26112 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless USB 2.0 WLAN Card Utility.lnk
ShortcutTarget: Wireless USB 2.0 WLAN Card Utility.lnk -> C:\Program Files\Dell Wireless\PRISMCFG.exe (Dell Inc.)
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
ShortcutTarget: vhh47tod.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.com/?d=4dc19d4b&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======

CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-13] (Creative Technology Ltd)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-13] (Oracle Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
S4 PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [57344 2004-10-04] (Conexant Systems, Inc.)
R2 vToolbarUpdater18.0.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [1771032 2014-03-21] (AVG Secure Search)
S2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [876649 2005-01-29] (BT Voyager Corporation)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\2992199F9A\dot74hhv.cpp [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2005-10-18] (Windows ® 2000 DDK provider)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 P17; C:\WINDOWS\System32\drivers\P17.sys [840960 2004-06-09] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\system32\drivers\PfModNT.sys [15840 2003-03-05] (Creative Technology Ltd.)
R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-10-18] ()
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 ss_bbus; C:\WINDOWS\System32\DRIVERS\ss_bbus.sys [98432 2010-12-21] (MCCI)
S3 ss_bmdfl; C:\WINDOWS\System32\DRIVERS\ss_bmdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 ss_bmdm; C:\WINDOWS\System32\DRIVERS\ss_bmdm.sys [123648 2010-12-21] (MCCI Corporation)
S3 ss_bserd; C:\WINDOWS\System32\DRIVERS\ss_bserd.sys [100224 2010-12-21] (MCCI Corporation)
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 bvrp_pci; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-12 13:39 - 2014-04-12 23:31 - 00021569 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
2014-04-12 13:39 - 2014-04-12 23:31 - 00000000 ____D () C:\FRST
2014-04-12 13:39 - 2014-04-12 13:46 - 00024142 _____ () C:\Documents and Settings\Paul\Desktop\Addition.txt
2014-04-12 13:38 - 2014-04-12 12:51 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
2014-04-12 13:38 - 2014-04-12 12:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
2014-04-11 16:07 - 2014-04-12 19:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-30 11:06 - 2014-03-30 11:08 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP

==================== One Month Modified Files and Folders =======

2014-04-12 23:31 - 2014-04-12 13:39 - 00021569 _____ () C:\Documents and Settings\Paul\Desktop\FRST.txt
2014-04-12 23:31 - 2014-04-12 13:39 - 00000000 ____D () C:\FRST
2014-04-12 22:56 - 2012-09-06 06:57 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-12 22:53 - 2013-11-29 07:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-12 21:18 - 2011-02-21 22:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-12 20:56 - 2013-12-07 11:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-12 20:35 - 2004-08-10 13:02 - 01791856 ____H () C:\WINDOWS\WindowsUpdate.log
2014-04-12 19:13 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-04-12 19:13 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-04-12 19:11 - 2004-08-10 12:59 - 00000049 ____H () C:\WINDOWS\wiaservc.log
2014-04-12 19:10 - 2011-02-15 15:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB951376-v2_0$
2014-04-12 19:10 - 2004-08-10 13:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-12 19:09 - 2012-06-12 08:16 - 01262850 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1704726271-934105146-3214749785-1007-0.dat
2014-04-12 19:09 - 2012-06-12 08:16 - 00303514 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-04-12 19:09 - 2011-02-21 21:39 - 00000178 ___SH () C:\Documents and Settings\Paul\ntuser.ini
2014-04-12 19:09 - 2004-08-10 13:08 - 00032590 ____H () C:\WINDOWS\SchedLgU.Txt
2014-04-12 19:04 - 2014-04-11 16:07 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-12 13:46 - 2014-04-12 13:39 - 00024142 _____ () C:\Documents and Settings\Paul\Desktop\Addition.txt
2014-04-12 12:51 - 2014-04-12 13:38 - 02157056 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST64.exe
2014-04-12 12:49 - 2014-04-12 13:38 - 01145856 _____ (Farbar) C:\Documents and Settings\Paul\Desktop\FRST.exe
2014-04-11 21:30 - 2013-11-21 08:20 - 00000494 _____ () C:\WINDOWS\Tasks\fba_Outlook Express Backup.job
2014-04-11 21:00 - 2013-11-21 08:19 - 00000478 _____ () C:\WINDOWS\Tasks\fba_General Backup.job
2014-04-11 14:34 - 2011-02-21 23:38 - 00000000 ____D () C:\Documents and Settings\Paul\Application Data\MailWasherFree
2014-04-10 23:43 - 2011-07-17 11:31 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-04-10 23:43 - 2011-02-21 21:39 - 00000000 ____D () C:\Documents and Settings\Paul
2014-04-10 23:32 - 2011-02-21 23:14 - 00000178 ___SH () C:\Documents and Settings\Amanda\ntuser.ini
2014-04-06 22:42 - 2011-02-21 23:14 - 00000000 ____D () C:\Documents and Settings\Amanda
2014-04-05 13:43 - 2011-02-21 22:39 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\Paul's
2014-04-03 23:22 - 2011-02-21 23:43 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\General
2014-04-03 19:27 - 2011-02-21 23:49 - 00000178 ___SH () C:\Documents and Settings\Lydia\ntuser.ini
2014-04-03 19:21 - 2014-04-03 19:21 - 00000000 ____D () C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
2014-03-31 14:23 - 2014-03-31 14:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-03-31 14:23 - 2013-09-27 15:29 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-03-30 11:08 - 2014-03-30 11:06 - 00528456 _____ () C:\WINDOWS\system32\PerfStringBackup.TMP
2014-03-29 19:53 - 2004-08-10 12:51 - 00002206 ____H () C:\WINDOWS\system32\wpa.dbl
2014-03-22 07:39 - 2004-08-10 13:01 - 00000000 ___HD () C:\WINDOWS\system32\FxsTmp
2014-03-21 00:30 - 2013-12-09 15:58 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-03-21 00:30 - 2013-12-09 15:58 - 00000000 ____D () C:\WINDOWS\system32\cache
2014-03-21 00:30 - 2013-12-09 15:57 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-03-16 17:43 - 2012-02-07 20:40 - 00000000 ____D () C:\Documents and Settings\Amanda\My Documents\My Scans
2014-03-15 12:03 - 2014-02-28 21:55 - 00000000 ____D () C:\Documents and Settings\Paul\My Documents\VW golf

Some content of TEMP:
====================
C:\Documents and Settings\Amanda\Local Settings\Temp\uninst.dll

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Link to post
Share on other sites

I've run malwarebytes Anti-Malware again which didn't find anything else.  When I log on I still get a RUNDLL error message which reads:

"Error loading C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp"

 

Can anyone advise how this can be fixed.  Can anyone tell if there is anything malicious that still needs to be corrected from the FRST.txt file posted above?

 

Regards,

Paul

Link to post
Share on other sites

Hi paul66h

Please follow the directions in the order listed, and don't run any other removal tools other than the instructions provided as it could confuse issues.

 

I managed to get to the desktop eventually by trying various things

 

Please list what actions you already took, what tools you ran to try to resolve this.



Please go to Control Panel's Add or Remove programs and uninstall the following program:
MyWay Search Assistant

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found.  Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

 

Please download Junkware Removal Tool to your Desktop.

  • Disconnect from the Internet (unplug your connection to your router or modem).
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Restart your security software and reconnect to the Internet.
  • Please post the contents of JRT.txt into your reply.

 

Please scan your system with ESET Online Scanner

  • Click the "Run ESET Online Scanner" button.
    • For browsers other than Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer
    • Click on esetsmartinstaller_enu.exe
    • Save it to your desktop, and double-click to run it.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please post the logs from AdwCleaner, Junkware Removal Tool, ESET Online Scanner, and note any errors encountered and list what other actions/tools you previously ran to try to correct your problem..

Link to post
Share on other sites

Hi TheJoker,

Thanks for your post.

 

The actions I have taken so far:  When the computer started and the lock screen appeared I could briefly get the start button by keying Ctrl+Alt+Delete.  I managed to click on this and started MalwareBytes Anti Malware and got it running.  Problem was that it was running but I couldn't see it even if it was the live window.  I used another computer to work out what key presses to use to start a scan, and then to deal with any threats it might have found.  I couldn't see if there were any threats found, or if I managed to remove them.  I then used AVG to scan for viruses managing to start this from the icons bottom right - again I couldn't see the result.

 

Also when shutting down I managed to stop the computer from shutting down by getting an error using MalwareBytes Anti Malware.  I can't remember the sequence of events I used to achieve this.  This gave me back the desktop as the lock screen had closed.  At this point I downloaded FRST.exe and ran it (having seen this was often requested in other posts I had searched).  I posted (above) the result of the two files it created FRST.txt and addition.txt.

 

Then as I had the desktop back I ran MalwareBytes Anti Malware again - it found two threats which I asked it to remove.    I think it needed the computer to restart to complete the removal.  At this point the computer started without the lock screen.

 

I also ran an AVG scan which didn't find anything.

 

I then ran FRST.exe again and posted (also above) the new FRST.txt file (no addition.txt that time).

 

 

Now I have removed 'MyWay Search Assistant'

 

...and here are the results you asked for:

 

AdwCleaner produced two files, AdwCleaner[R0] and Adwcleaner[s0].  I've copied both below in that order:

 

# AdwCleaner v3.023 - Report created 13/04/2014 at 16:08:36
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Paul - HOMEDESKTOP
# Running from : C:\Documents and Settings\Paul\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Lydia\Start Menu\Programs\iLivid.lnk
Folder Found C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\Amanda\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Amanda\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Lydia\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Lydia\Local Settings\Application Data\iLivid
Folder Found C:\Documents and Settings\Paul\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Paul\Application Data\iWin
Folder Found C:\Documents and Settings\Paul\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Paul\Start Menu\Programs\Free Ride Games
Folder Found C:\Program Files\AVG SafeGuard toolbar
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Viewpoint

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\MyWaySA
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Paul\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8953 octets] - [13/04/2014 16:08:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9013 octets] ##########

 

 

 

 

 

# AdwCleaner v3.023 - Report created 13/04/2014 at 16:31:33
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Paul - HOMEDESKTOP
# Running from : C:\Documents and Settings\Paul\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Documents and Settings\Paul\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Paul\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Paul\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Paul\Start Menu\Programs\Free Ride Games
Folder Deleted : C:\Documents and Settings\Amanda\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Amanda\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Lydia\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Deleted : C:\Documents and Settings\Lydia\Local Settings\Application Data\iLivid
Folder Deleted : C:\Documents and Settings\Lydia\Application Data\AVG SafeGuard toolbar
File Deleted : C:\Documents and Settings\Lydia\Start Menu\Programs\iLivid.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [9093 octets] - [13/04/2014 16:08:36]
AdwCleaner[s0].txt - [9106 octets] - [13/04/2014 16:31:33]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9166 octets] ##########

 

 

 

Here is JRT.txt

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Paul on 13/04/2014 at 17:29:11.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D20AAB8B-6887-40DB-B7B7-10600B97623C}

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/04/2014 at 17:42:48.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESET found no threats having scanned 280051 files.  There was no option to list threats or to export.

 

 

Thanks very much for you help so far.

 

Best regards,

Paul

Link to post
Share on other sites

Download Security Check by screen317 from http://search.avg.co...23&tp=chrome&q={searchTerms}&lng={language}&nt=1
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
HO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]
S3 bvrp_pci; No ImagePath
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
2014-04-11 16:07 - 2014-04-12 19:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-12 13:31 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-04-12 13:31 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

end

 

Save the file as fixlist.txt in to the same folder as FRST
Run FRST.exe and click Fix only once and wait
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will create a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

Please post the logs from Security Check (checkup.txt), Farbar Recovery Scan Tool (Fixlog.txt) and Farbar Service Scanner (FSS.txt), and note any errors encountered.

Link to post
Share on other sites

Here are the logs from Security Check (checkup.txt), Farbar Recovery Scan Tool (Fixlog.txt) and Farbar Service Scanner (FSS.txt).

 

I encounted one error when running the Security Check. 

 

The title of the pop up box was:

"Autolt Error"

and in the pop up was:

Line -1:

followed by:

Error: Variable must be of type "Object".

I clicked OK in the pop up box and the Security Check appeared to continue and prodiced the log file.

 

 

 

Here is checkup.txt

 

 

 

 

 Results of screen317's Security Check version 0.99.81 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 AVG 2014    
 ESET Online Scanner v3  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 7 Update 45 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

 

 

 

 

 

Here is Fixlog.txt

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-04-2014
Ran by Paul at 2014-04-14 20:22:48 Run:1
Running from C:\Documents and Settings\Paul\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Quote
start

Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
ShortcutTarget: vhh47tod.lnk -> C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp (Microsoft Corporation)
S2 winmgmt; C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp [186441 2014-04-11] (Microsoft Corporation)
Startup: C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk
ShortcutTarget: vhh47tod.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp (No File)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\2992199F9A\dot74hhv.cpp [X]
URLSearchHook: HKCU - (No Name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
SearchScopes: HKCU - {D20AAB8B-6887-40DB-B7B7-10600B97623C} URL = http://search.avg.co...{language}&nt=1
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: No Name - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll No File
HO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2014-01-06]
S3 bvrp_pci; No ImagePath
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
2014-04-11 16:07 - 2014-04-12 19:04 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\2992199F9A
2014-04-12 13:31 - 2014-02-05 20:53 - 00000362 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-04-12 13:31 - 2014-02-05 20:53 - 00000360 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0CFF5F08

end

*****************

C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk => Moved successfully.
C:\Documents and Settings\All Users\Application Data\2992199F9A\dot74hhv.cpp not found.
winmgmt => Service restored successfully.
C:\Documents and Settings\Paul\Start Menu\Programs\Startup\vhh47tod.lnk not found.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\299219~1\dot74hhv.cpp not found.
winmgmt => Service restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4D25F926-B9FE-4682-BF72-8AB8210D6D75} => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D20AAB8B-6887-40DB-B7B7-10600B97623C} => Key not found.
HKCR\Wow6432Node\CLSID\{D20AAB8B-6887-40DB-B7B7-10600B97623C} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} => Key not found.
HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key deleted successfully.
HKCR\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key not found.
"C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx" => File/Directory not found.
bvrp_pci => Service deleted successfully.
TlntSvr => Service deleted successfully.
wanatw => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\2992199F9A => Moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => Moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0214b_rel.job => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0CFF5F08" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

Here is FSS.txt

 

Farbar Service Scanner Version: 25-02-2014
Ran by Paul (administrator) on 14-04-2014 at 20:30:31
Running from "C:\Documents and Settings\Paul\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2004-08-10 12:50] - [2008-10-16 15:43] - 0138496 ___AH (Microsoft Corporation) 7618D5218F2A614672EC61A80D854A37

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x09000000040000000100000002000000030000000900000005000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

 

 

When the computer restarted during the reboot there was no DLL error message.

 

Once again thanks for your help.

Paul

Link to post
Share on other sites

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Your Java version is outdated and vulnerable.
Please go to Start > Control Panel > Programs and Features, and uninstall the following:
Java 7 Update 45
 
Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here:
http://java.com/en/download/manual.jsp
If you reinstall it because a program requires Java, you can increase your security by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and Unchecking "Enable Java content in the browser".

 

Please post the log from ComboFix at C:\ComboFix.txt, and note any errors encountered.

Link to post
Share on other sites

I followed all your instruction and didn't encounter any errors.

 

Here is the Combofix.txt log file:

 

ComboFix 14-04-12.01 - Paul 15/04/2014  20:41:16.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1384 [GMT 1:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\192ecc15269d783a.fb
c:\windows\system32\Cache\1d6d69772083fc7c.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\237bc3559711a902.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5924fd01e764774f.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\e8bf9bd4dabc0613.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-15 to 2014-04-15  )))))))))))))))))))))))))))))))
.
.
2014-04-13 16:48 . 2014-04-13 16:48 -------- d-----w- c:\program files\ESET
2014-04-13 16:29 . 2014-04-13 16:29 -------- d-----w- c:\windows\ERUNT
2014-04-13 15:08 . 2014-04-13 15:33 -------- d-----w- C:\AdwCleaner
2014-04-12 12:39 . 2014-04-14 19:22 -------- d-----w- C:\FRST
2014-03-30 10:06 . 2014-03-30 10:08 528456 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 23:30 . 2013-12-09 14:58 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-11 17:53 . 2012-03-30 05:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 17:53 . 2011-05-13 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 21:46 . 2011-12-23 12:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-29 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-29 21432]
"FBackup Scheduler"="c:\program files\Softland\FBackup 4\fbaSched.exe" [2012-09-12 2532232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-18 26112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-29 3521464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-19 4971024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe /START [2005-10-18 917611]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/10/2013 03:34 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 16:06 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/12/2013 15:58 42272]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [18/10/2013 20:39 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/10/2013 03:34 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/10/2013 03:34 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [23/02/2014 22:22 3782672]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24/09/2013 02:33 348008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/02/2011 21:56 10448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/10/2013 03:34 1444120]
S2 vToolbarUpdater18.0.5;vToolbarUpdater18.0.5;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe [?]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12/06/2012 07:51 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12/06/2012 07:51 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12/06/2012 07:51 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [12/06/2012 07:51 100224]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [18/10/2005 09:12 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:53]
.
2014-04-11 c:\windows\Tasks\fba_General Backup.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2012-09-14 16:25]
.
2014-04-11 c:\windows\Tasks\fba_Outlook Express Backup.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2012-09-14 16:25]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
.
------- Supplementary Scan -------
.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-15 21:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(4340)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Dell Wireless\PRISMCFG.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2014-04-15  21:13:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-15 20:13
.
Pre-Run: 168,636,637,184 bytes free
Post-Run: 169,269,506,048 bytes free
.
- - End Of File - - A082FFEA846D6626B8592E761A05E45C
A03E065717CB65F3034AD33AD58B6BBA
 

 

Regards,

Paul

Link to post
Share on other sites

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.
 

Driver::
vToolbarUpdater18.0.5

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

 

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply and note any errors encountered.

 

Link to post
Share on other sites

I followed your instruction, didn't get any errors.

 

Here is the ComboFix.txt log file:

 

ComboFix 14-04-12.01 - Paul 16/04/2014   6:59.5.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1244 [GMT 1:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Paul\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Paul\LOCALS~1\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\documents and settings\Paul\Local Settings\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VTOOLBARUPDATER18.0.5
-------\Service_vToolbarUpdater18.0.5
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-16 to 2014-04-16  )))))))))))))))))))))))))))))))
.
.
2014-04-13 16:48 . 2014-04-13 16:48 -------- d-----w- c:\program files\ESET
2014-04-13 16:29 . 2014-04-13 16:29 -------- d-----w- c:\windows\ERUNT
2014-04-13 15:08 . 2014-04-13 15:33 -------- d-----w- C:\AdwCleaner
2014-04-12 12:39 . 2014-04-14 19:22 -------- d-----w- C:\FRST
2014-03-30 10:06 . 2014-03-30 10:08 528456 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 23:30 . 2013-12-09 14:58 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-03-11 17:53 . 2012-03-30 05:35 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 17:53 . 2011-05-13 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-19 21:46 . 2011-12-23 12:32 22808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-05-29 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-29 21432]
"FBackup Scheduler"="c:\program files\Softland\FBackup 4\fbaSched.exe" [2012-09-12 2532232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-18 26112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-25 54672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-05 421160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-05-29 3521464]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-01-29 696422]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-03-19 4971024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-18 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Wireless USB 2.0 WLAN Card Utility.lnk - c:\program files\Dell Wireless\PRISMCFG.exe /START [2005-10-18 917611]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
"NoChangeStartMenu"= 00000000
"MaxRecentDocs"= 0 (0x0)
"NoWinKey"= 0 (0x0)
"NoNetConnextDisconnect"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoControlPanle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 04:46 222520]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 27448]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [25/10/2013 03:34 108816]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 16:06 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/12/2013 15:58 42272]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [18/10/2013 20:39 340432]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/10/2013 03:34 157264]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/10/2013 03:34 230448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [23/02/2014 22:22 3782672]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [24/09/2013 02:33 348008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [15/02/2011 21:56 10448]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/10/2013 03:34 1444120]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [12/06/2012 07:51 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [12/06/2012 07:51 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [12/06/2012 07:51 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [12/06/2012 07:51 100224]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [18/10/2005 09:12 57344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ    HPSLPSVC
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:53]
.
2014-04-11 c:\windows\Tasks\fba_General Backup.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2012-09-14 16:25]
.
2014-04-11 c:\windows\Tasks\fba_Outlook Express Backup.job
- c:\program files\Softland\FBackup 4\fbaSchedStarter.exe [2012-09-14 16:25]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
2014-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-06 05:57]
.
.
------- Supplementary Scan -------
.

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-16 07:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3452)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\PRISMSVR.EXE
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Dell Wireless\PRISMCFG.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2014-04-16  07:22:21 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-16 06:22
ComboFix2.txt  2014-04-15 20:13
.
Pre-Run: 169,355,567,104 bytes free
Post-Run: 169,245,585,408 bytes free
.
- - End Of File - - A648D83516519D33B9252495E13004B9
A03E065717CB65F3034AD33AD58B6BBA
 

 

Best regards,

Paul

Link to post
Share on other sites

OK, everything looks good. :)

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall

Make sure there's a space between ComboFix and /
Then hit Enter.
This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.

You can now delete some of the other utilities that were used to clean the system, and any logs they created:
Farbar Recovery Scan Tool
AdwCleaner
(run the program and click Uninstall)
Junkware Removal Tool
Security Check
Fixlog.txt

 

Using Windows Explorer, delete the following folder:

C:\FRST

 

Your version of Windows (XP) is no longer supported by Microsoft. As time goes on and more vulnerabilities are identified that Microsoft will no longer fix, your system will become less secure. I highly recommend that you consider upgrading your operating system to Windows 7 if it's capable of being upgraded. You can download and run the Windows 7 Upgrade Advisor to see if your PC is ready for Windows 7.
 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at http://www.mvps.org/winhelp2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacoolsoftware.com/products.html
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywareinfoforum.com/index.php?showtopic=60955

Does your problem appear resolved?

 

 

Link to post
Share on other sites

Hi,

Yes it looks like the problem is resolved.  Thanks very much for guiding me through all the various clean up tools.

 

I've downloaded Firefox and I'm using this now.  I'll have a look to see if this computer could be upgraded to Windows 7.

 

Once again thank you for all you help and advice.

 

Best regards,
Paul

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.