Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help... My Dell Computer is Infected! [Solved]


  • This topic is locked This topic is locked
57 replies to this topic

#16 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 10 August 2014 - 04:33 PM

Ken, don't know what's happened to my wife's computer, but I can't even get on ANY internet page, or my mailbox... every attemp to get on the internet pulls-up a page that say's THIS PAGE IS NOT AVAILABLE (Choices) RELOAD or MORE, apparently, have lost proxy setting whatever that means?

 

This mofo is tiring me out!


    Advertisements

Register to Remove


#17 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 August 2014 - 05:02 PM

Try This

 

You might have to use your other computer to download this program and then transfer by disk to this infected one

 

Download MiniToolBox and save it to your desktop and run it.
 
Checkmark the following checkboxes: 
Flush DNS 
Report IE Proxy Settings 
Reset IE Proxy Settings 
 
Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
 
 
 
 
 
 
 
=============================================================
 
You already have FRST ,  run this fix
 

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)
 
Start
Hosts:
End
 

 

 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#18 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 10 August 2014 - 05:14 PM

Ken, I don't quite understand? ... as stated I can not access any webpage on Mary's computer! And I have dwnld. MiniToolBox file onto my computer desktop; now, do you want me to RUN the program on my computer first, or copy to disk and transfer it to Mary's computer? 



#19 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 August 2014 - 05:17 PM

No reason to run it on your computer, what i meant was if you cant access the internet on the infected computer than download MiniTool box to the clean one, then transfer the program by disk ( USB Drive ) to the infected one and run it on the infected one



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#20 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 10 August 2014 - 05:43 PM

Ken, here is contents of the MiniTookBox file titled: RESULT, after running the prgm.. Still can't access internet?

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by MARY (administrator) on 11-08-2014 at 01:35:16
Running from "E:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
**** End of log ****


#21 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 10 August 2014 - 05:53 PM

Ken, I ran the program from the flash drive (USB), or am I to transfer it to the desktop of Mary's computer and run it from her HDD?



#22 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 August 2014 - 08:18 PM

No reason to run it on your computer, what i meant was if you cant access the internet on the infected computer than download MiniTool box to the clean one, then transfer the program by disk ( USB Drive ) to the infected one and run it on the infected one



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#23 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 11 August 2014 - 03:40 AM

Ken... I think this is what you're looking for. Was too tired and frustrated to continue last night. I am in Sweden, my time zone is CET (Central European Time) being +9 hours ahead of California (PST), however, don't know what time zone your located?

 

Don't know if I should wait for your reply, or attempt to signon to the internet? ... think I'll wait, as I don't want to screw this up!

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:8-08-2014
Ran by MARY at 2014-08-11 11:25:50 Run:1
Running from C:\Documents and Settings\MARY.MJABROAD\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
Start
Hosts:
End
*****************
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
==== End of Fixlog ====


#24 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 August 2014 - 03:46 AM

Curt, I am on EST

 

I am sure you have rebooted your computer lately, if you have not done so reboot it and it may fix this problem, then try the internet



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#25 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 11 August 2014 - 04:00 AM

Ken... w/o rebooting I am on the internet. Whew!!! ... thx. so much for getting me out of this mess... now where were we with getting this Dell working? ... the last program we ran before internet problem was "MalBytes Anti-Mal", which had identified 21 problems, as I recall, and you wanted me to attempt to run ComboFix, but it stalled-out as before. Awaiting instructions?

 

This is being sent from Mary's computer.


    Advertisements

Register to Remove


#26 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 August 2014 - 04:06 AM

Lets see if this will run, you need the 32 bit version

 

--RogueKiller--
 
  •  
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  •  For Vista or Windows 7,  right-click and select "Run as  Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
 


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#27 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 11 August 2014 - 06:20 AM

Ken, scan finished... have left the pgrm. open in-case you want me to delete items within the various tabs?

 

RKreport

 

RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : MARY [Admin rights]
Mode : Scan -- Date : 08/11/2014  14:13:30
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Https] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Https] HKEY_USERS\S-1-5-21-746137067-2146843231-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-746137067-2146843231-725345543-1010\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.Policies] HKEY_USERS\S-1-5-21-746137067-2146843231-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Desktop] HKEY_USERS\S-1-5-21-746137067-2146843231-725345543-500\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallPaper : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.WallPaper] HKEY_USERS\S-1-5-21-746137067-2146843231-725345543-500\Control Panel\Desktop | Wallpaper : C:\WINDOWS\Web\Wallpaper\Bliss.bmp  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 4 (Driver: LOADED) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtEnumerateKey[71] : C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xf86f9342
[SSDT:Addr(Hook.SSDT)] NtEnumerateValueKey[73] : C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xf86f93f2
[SSDT:Addr(Hook.SSDT)] NtQueryValueKey[177] : C:\WINDOWS\system32\drivers\avgtpx86.sys @ 0xf86f922a
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-e : \Driver\Imapi @ Unknown (\SystemRoot\system32\DRIVERS\serial.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 74277111d63c138023b91fbea70231a1
[BSP] 287b11756ce79e9448e956bc13329707 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 80325 | Size: 73171 MB
2 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 149934645 | Size: 3074 MB
User = LL1 ... OK
User = LL2 ... OK
 
-END-


#28 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 August 2014 - 06:37 AM

Curt, go ahead and click on Delete, then reboot your computer and run a new scan with FRST



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#29 Bally

Bally

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 11 August 2014 - 07:54 AM

Ken... I checked ALL the boxes shown under the various tabs of RogueKiller, except for one tab that had no boxes to check? The results: some showed as deleted, some as replaced, and some as error! Another strange thing happened... Mary's desktop pic was replaced with one I hadn't seen in years?

 

With the FRST program I incl. the Addition file just in-case you forgot to ask for it? Mary's computer seems to be running a bit faster, but not yet to speed.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by MARY (administrator) on MJABROAD on 11-08-2014 15:38:56
Running from C:\Documents and Settings\MARY.MJABROAD\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\system32\LEXPPS.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgfws.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\loggingserver.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-746137067-2146843231-725345543-500\...\Run: [Google Update] => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2013-03-08] (Google Inc.)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Internet Explorer.lnk
ShortcutTarget: Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\dlbcserv.lnk
ShortcutTarget: dlbcserv.lnk -> C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\dlbcserv.lnk
ShortcutTarget: dlbcserv.lnk -> C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={6AFDFF64-BDD0-4394-B7BF-0EE3822E91F6}&mid=950fddbc12eb47d2bd48d15a668f715c-07ebd5bbc5ce97c161dcff7c16f8330584c5af18&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-08-08 17:40:07&v=18.1.8.643&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowso...nSSWebAgent.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} https://support.micr...ActiveX/odc.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by107fd.bay10...es/MsnPUpld.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8300.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.8\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.8\\npsitesafety.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 -> C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-02-24]
 
Chrome: 
=======
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-11]
CHR Extension: (Skype Click to Call) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-11]
CHR Extension: (Google Wallet) - C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
R2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-02-24] (Sun Microsystems, Inc.)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2004-08-04] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Skype C2C Service; C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SwPrv; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1858360 2014-07-14] (AVG)
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.8; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\ToolbarUpdater.exe [1813528 2014-08-08] (AVG Secure Search)
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2004-08-04] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 Avgfwdx; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
S3 Avgfwfd; C:\WINDOWS\System32\DRIVERS\avgfwdx.sys [30944 2012-01-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [190232 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-08] (AVG Technologies)
R1 Beep; C:\WINDOWS\system32\Drivers\Beep.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2004-08-04] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2004-08-04] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-22] (Adaptec, Inc.) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2004-08-04] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2004-08-04] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 hidusb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
R2 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2004-08-04] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-11] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2004-08-04] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\WINDOWS\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\WINDOWS\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS\System32\drivers\MSTEE.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NABTSFEC; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2004-08-04] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2004-08-04] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2004-08-04] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2004-08-04] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2004-08-04] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2004-08-04] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation) [File not signed]
S3 SLIP; C:\WINDOWS\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation) [File not signed]
S3 streamip; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S4 Udfs; C:\WINDOWS\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2014-08-09] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2004-08-04] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) [File not signed]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
S3 ZSMC301b; System32\Drivers\usbVM31b.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 15:38 - 2014-08-11 15:41 - 00033711 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.txt
2014-08-11 15:38 - 2014-08-11 15:38 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST-OlderVersion
2014-08-11 14:15 - 2014-08-11 14:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Macromedia
2014-08-11 12:19 - 2014-08-11 12:19 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-11 12:18 - 2014-08-11 12:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-08-11 12:18 - 2014-08-11 12:19 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-08-11 12:10 - 2014-08-11 12:13 - 04817496 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\RogueKiller.exe
2014-08-11 11:15 - 2014-08-11 01:20 - 00401920 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\MiniToolBox.exe
2014-08-10 22:32 - 2014-08-10 22:33 - 00000000 ___SD () C:\ComboFix
2014-08-10 22:10 - 2014-08-10 22:11 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MARY.MJABROAD\Desktop\rkill.exe
2014-08-10 20:12 - 2014-08-10 20:12 - 00000000 ____D () C:\Program Files\Microsoft Windows OneCare Live(3)
2014-08-10 20:03 - 2014-08-10 20:04 - 00255488 ___SH () C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2014-08-10 20:03 - 2014-08-10 20:03 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Temp
2014-08-10 20:03 - 2014-08-10 20:03 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Adobe
2014-08-10 20:00 - 2014-07-16 22:59 - 00002356 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\Google Chrome.lnk
2014-08-10 19:59 - 2011-07-25 16:42 - 00000803 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\Internet Explorer.lnk
2014-08-10 19:58 - 2013-06-12 18:09 - 00001720 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\888poker.lnk
2014-08-10 16:43 - 2014-08-11 15:26 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-10 16:42 - 2014-08-10 16:42 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 16:42 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-10 16:42 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-09 17:33 - 2014-08-09 17:33 - 00000000 _RSHD () C:\cmdcons
2014-08-09 17:33 - 2005-10-04 23:34 - 00000211 _____ () C:\Boot.bak
2014-08-09 17:33 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-08-09 17:26 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-08-09 17:26 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-08-09 17:26 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-08-09 17:26 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-08-09 17:25 - 2014-08-09 17:26 - 00000000 ____D () C:\Qoobox
2014-08-09 17:21 - 2014-08-09 17:21 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-09 17:17 - 2014-08-09 17:19 - 05568206 ____R (Swearware) C:\Documents and Settings\MARY.MJABROAD\Desktop\ComboFix.exe
2014-08-09 03:55 - 2014-08-09 03:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-09 03:55 - 2014-08-09 03:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-08-09 03:03 - 2014-08-09 03:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-09 02:58 - 2014-08-09 02:59 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\MARY.MJABROAD\Desktop\tdsskiller.exe
2014-08-08 23:53 - 2014-08-11 15:39 - 00000000 ____D () C:\FRST
2014-08-08 23:17 - 2014-08-11 15:38 - 01091072 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.exe
2014-08-08 23:07 - 2014-08-08 23:08 - 05185536 _____ (AVAST Software) C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.exe
2014-08-08 20:51 - 2014-08-08 20:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\MALWARE TOOLS
2014-08-08 18:49 - 2014-08-08 18:49 - 00625664 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\dds.scr
2014-08-08 18:48 - 2014-08-08 18:48 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\MARY.MJABROAD\Desktop\HiJackThis.exe
2014-08-08 18:46 - 2014-08-08 18:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\MARY.MJABROAD\Desktop\OTL.exe
2014-08-08 17:41 - 2014-08-08 21:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:39 - 2014-08-08 17:37 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-08-08 17:38 - 2014-08-08 17:40 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 14:35 - 2014-08-08 14:45 - 00001370 _____ () C:\WINDOWS\setupapi.log
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AVG
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG
2014-08-06 07:01 - 2014-08-06 07:01 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\MFAData
2014-08-06 06:59 - 2014-08-06 07:00 - 04424240 _____ (AVG Technologies) C:\Documents and Settings\MARY.MJABROAD\Desktop\avg_isct_stb_all_2014_4116_cm5.exe
2014-08-06 06:51 - 2014-08-06 06:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google
2014-08-06 06:02 - 2014-08-06 06:02 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\TuneUp Software
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG
2014-08-06 05:20 - 2014-08-10 20:03 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Adobe
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Accessories
2014-08-06 05:16 - 2014-08-06 05:16 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\PrivacIE
2014-08-06 05:15 - 2014-08-06 05:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG2014
2014-08-06 05:14 - 2014-08-06 14:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Avg2014
2014-08-06 05:14 - 2014-08-06 05:14 - 00000803 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 05:14 - 2014-08-06 05:14 - 00000738 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Outlook Express.lnk
2014-08-06 05:13 - 2014-08-11 15:42 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp
2014-08-06 05:13 - 2014-08-11 15:23 - 00000178 ___SH () C:\Documents and Settings\MARY.MJABROAD\ntuser.ini
2014-08-06 05:13 - 2014-08-08 12:55 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD
2014-08-06 05:13 - 2014-08-06 05:14 - 00000788 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 05:13 - 2013-10-10 21:25 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\IETldCache
2014-08-06 05:13 - 2013-03-09 00:51 - 00001599 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Remote Assistance.lnk
2014-08-06 02:46 - 2014-08-06 02:46 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Macromedia
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\AVG
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\PrivacIE
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Adobe
2014-08-06 01:31 - 2014-08-06 01:31 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\TuneUp Software
2014-08-06 01:23 - 2014-08-06 01:23 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\MFAData
2014-08-06 01:19 - 2014-08-06 01:19 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Google
2014-08-06 01:18 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Temp
2014-08-06 01:18 - 2014-08-06 05:13 - 00000178 ___SH () C:\Documents and Settings\Mary's Computer\ntuser.ini
2014-08-06 01:18 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\Mary's Computer
2014-08-06 01:18 - 2014-08-06 01:58 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Avg2014
2014-08-06 01:18 - 2014-08-06 01:18 - 00000803 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000788 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000738 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Outlook Express.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Accessories
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG2014
2014-08-06 01:18 - 2013-10-10 21:25 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\IETldCache
2014-08-06 01:18 - 2013-03-09 00:51 - 00001599 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Remote Assistance.lnk
2014-08-05 22:59 - 2014-08-11 15:23 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 1-Click Maintenance.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001739 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-07-14 12:26 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG
2014-08-05 22:52 - 2014-08-05 22:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-08-05 22:28 - 2014-08-05 23:33 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 22:28 - 2014-08-05 23:33 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 22:24 - 2014-08-05 22:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:24 - 2014-08-05 22:59 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:10 - 2014-08-05 22:10 - 00810198 _____ () C:\Documents and Settings\Administrator\Desktop\AVGInstLog.cab
2014-08-05 22:05 - 2014-08-06 07:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-05 22:05 - 2014-08-06 07:13 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-05 22:05 - 2014-08-05 22:05 - 00000702 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2014.lnk
2014-08-05 22:05 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-05 22:03 - 2014-08-05 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:03 - 2014-08-05 22:07 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:03 - 2014-08-05 22:03 - 00000000 ___HD () C:\$AVG
2014-08-05 22:01 - 2014-08-05 22:54 - 00000000 ____D () C:\Program Files\AVG
2014-08-05 21:39 - 2014-08-05 22:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-07-27 13:26 - 2014-07-27 13:26 - 00000000 ____D () C:\WINDOWS\LastGood(3)
2014-07-27 01:41 - 2014-07-27 01:45 - 00002048 _____ () C:\Documents and Settings\Administrator\My Documents\Backup.bkf
2014-07-19 16:07 - 2014-07-19 16:08 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 22:21 - 2014-07-18 22:21 - 00276848 _____ () C:\Documents and Settings\Administrator\Desktop\download.htm
2014-07-16 23:53 - 2014-07-16 23:51 - 00287423 _____ () C:\Documents and Settings\Administrator\Desktop\grandpa and his boys.htm
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 15:42 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp
2014-08-11 15:41 - 2014-08-11 15:38 - 00033711 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.txt
2014-08-11 15:41 - 2009-08-12 16:39 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D0F0C55-E4E8-48A5-8365-85495DCEA754}.job
2014-08-11 15:39 - 2014-08-08 23:53 - 00000000 ____D () C:\FRST
2014-08-11 15:38 - 2014-08-11 15:38 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST-OlderVersion
2014-08-11 15:38 - 2014-08-08 23:17 - 01091072 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\FRST.exe
2014-08-11 15:34 - 2013-03-08 19:24 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500UA.job
2014-08-11 15:31 - 2011-03-26 14:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2014-08-11 15:31 - 2011-03-26 14:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
2014-08-11 15:26 - 2014-08-10 16:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 15:26 - 2005-10-04 23:38 - 02028243 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-11 15:25 - 2005-10-04 16:30 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2014-08-11 15:24 - 2014-03-27 18:23 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-08-11 15:24 - 2013-03-10 21:46 - 00000616 ____H () C:\WINDOWS\Tasks\ConfigExec.job
2014-08-11 15:24 - 2005-10-04 23:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-11 15:24 - 2005-10-04 16:30 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2014-08-11 15:23 - 2014-08-06 05:13 - 00000178 ___SH () C:\Documents and Settings\MARY.MJABROAD\ntuser.ini
2014-08-11 15:23 - 2014-08-05 22:59 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt
2014-08-11 15:23 - 2005-10-04 23:57 - 00032556 _____ () C:\WINDOWS\SchedLgU.Txt
2014-08-11 14:56 - 2012-04-07 17:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-11 14:15 - 2014-08-11 14:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Macromedia
2014-08-11 12:46 - 2013-03-10 21:46 - 00000580 ____H () C:\WINDOWS\Tasks\DataUpload.job
2014-08-11 12:19 - 2014-08-11 12:19 - 00029160 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-08-11 12:19 - 2014-08-11 12:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-08-11 12:19 - 2014-08-11 12:18 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\RogueKiller
2014-08-11 12:13 - 2014-08-11 12:10 - 04817496 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\RogueKiller.exe
2014-08-11 01:20 - 2014-08-11 11:15 - 00401920 _____ (Farbar) C:\Documents and Settings\MARY.MJABROAD\Desktop\MiniToolBox.exe
2014-08-10 22:33 - 2014-08-10 22:32 - 00000000 ___SD () C:\ComboFix
2014-08-10 22:11 - 2014-08-10 22:10 - 01944824 _____ (Bleeping Computer, LLC) C:\Documents and Settings\MARY.MJABROAD\Desktop\rkill.exe
2014-08-10 20:12 - 2014-08-10 20:12 - 00000000 ____D () C:\Program Files\Microsoft Windows OneCare Live(3)
2014-08-10 20:12 - 2010-06-17 21:27 - 00000000 ____D () C:\Program Files\Microsoft Windows OneCare Live
2014-08-10 20:04 - 2014-08-10 20:03 - 00255488 ___SH () C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2014-08-10 20:03 - 2014-08-10 20:03 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Temp
2014-08-10 20:03 - 2014-08-10 20:03 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Adobe
2014-08-10 20:03 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\Adobe
2014-08-10 20:03 - 2005-10-05 01:37 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My Received Files
2014-08-10 17:34 - 2013-03-08 19:24 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500Core.job
2014-08-10 16:42 - 2014-08-10 16:42 - 00000777 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 16:42 - 2014-08-10 16:42 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-10 16:35 - 2013-03-12 19:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-08-10 16:35 - 2013-03-12 19:49 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2014-08-10 08:29 - 2005-10-04 23:58 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-08-10 08:28 - 2004-08-04 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-08-09 17:33 - 2014-08-09 17:33 - 00000000 _RSHD () C:\cmdcons
2014-08-09 17:33 - 2005-09-18 10:18 - 00000327 __RSH () C:\boot.ini
2014-08-09 17:26 - 2014-08-09 17:25 - 00000000 ____D () C:\Qoobox
2014-08-09 17:21 - 2014-08-09 17:21 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-09 17:19 - 2014-08-09 17:17 - 05568206 ____R (Swearware) C:\Documents and Settings\MARY.MJABROAD\Desktop\ComboFix.exe
2014-08-09 03:55 - 2014-08-09 03:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2014-08-09 03:55 - 2014-08-09 03:55 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2014-08-09 03:55 - 2013-08-14 07:55 - 04878677 _____ () C:\WINDOWS\KB2859537.log
2014-08-09 03:55 - 2013-03-11 03:00 - 07133110 _____ () C:\WINDOWS\KB2676562.log
2014-08-09 03:55 - 2005-10-04 16:28 - 02761811 ____C () C:\WINDOWS\FaxSetup.log
2014-08-09 03:55 - 2005-10-04 16:28 - 01349355 ____C () C:\WINDOWS\ocgen.log
2014-08-09 03:55 - 2005-10-04 16:28 - 01272137 ____C () C:\WINDOWS\tsoc.log
2014-08-09 03:55 - 2005-10-04 16:28 - 01132372 ____C () C:\WINDOWS\iis6.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00937088 _____ () C:\WINDOWS\comsetup.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00864910 ____C () C:\WINDOWS\msmqinst.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00572796 ____C () C:\WINDOWS\ntdtcsetup.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00484384 ____C () C:\WINDOWS\netfxocm.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00191640 ____C () C:\WINDOWS\MedCtrOC.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00153497 ____C () C:\WINDOWS\ocmsn.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00138912 ____C () C:\WINDOWS\tabletoc.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00138894 ____C () C:\WINDOWS\msgsocm.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-08-09 03:55 - 2005-10-04 16:28 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-08-09 03:07 - 2004-08-04 14:00 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-08-09 03:03 - 2014-08-09 03:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-09 02:59 - 2014-08-09 02:58 - 04181856 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\MARY.MJABROAD\Desktop\tdsskiller.exe
2014-08-08 23:08 - 2014-08-08 23:07 - 05185536 _____ (AVAST Software) C:\Documents and Settings\MARY.MJABROAD\Desktop\aswMBR.exe
2014-08-08 21:40 - 2014-08-08 17:41 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG Secure Search
2014-08-08 20:51 - 2014-08-08 20:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Desktop\MALWARE TOOLS
2014-08-08 18:49 - 2014-08-08 18:49 - 00625664 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\dds.scr
2014-08-08 18:48 - 2014-08-08 18:48 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\MARY.MJABROAD\Desktop\HiJackThis.exe
2014-08-08 18:47 - 2014-08-08 18:46 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\MARY.MJABROAD\Desktop\OTL.exe
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG Secure Search
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2014-08-08 17:40 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:38 - 2014-08-08 17:38 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
2014-08-08 17:37 - 2014-08-08 17:39 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-08-08 15:00 - 2014-03-27 18:23 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-08-08 14:45 - 2014-08-08 14:35 - 00001370 _____ () C:\WINDOWS\setupapi.log
2014-08-08 14:45 - 2013-03-11 04:10 - 00000343 _____ () C:\WINDOWS\setuperr.log
2014-08-08 14:45 - 2005-10-04 23:35 - 00000000 ____D () C:\Program Files\Messenger
2014-08-08 14:45 - 2005-10-04 16:26 - 00178287 _____ () C:\WINDOWS\setupact.log
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\AVG
2014-08-08 14:06 - 2014-08-08 14:06 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG
2014-08-08 12:55 - 2014-08-06 05:13 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD
2014-08-06 14:13 - 2014-08-06 05:14 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Avg2014
2014-08-06 07:13 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-06 07:13 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG
2014-08-06 07:12 - 2005-10-04 16:27 - 01027237 _____ () C:\WINDOWS\setupapi.log.0.old
2014-08-06 07:01 - 2014-08-06 07:01 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\MFAData
2014-08-06 07:00 - 2014-08-06 06:59 - 04424240 _____ (AVG Technologies) C:\Documents and Settings\MARY.MJABROAD\Desktop\avg_isct_stb_all_2014_4116_cm5.exe
2014-08-06 06:51 - 2014-08-06 06:51 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\Google
2014-08-06 06:02 - 2014-08-06 06:02 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\TuneUp Software
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Local Settings\Application Data\AVG
2014-08-06 05:25 - 2014-08-06 05:25 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG
2014-08-06 05:20 - 2014-08-06 05:20 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Accessories
2014-08-06 05:20 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Temp
2014-08-06 05:16 - 2014-08-06 05:16 - 00000000 __SHD () C:\Documents and Settings\MARY.MJABROAD\PrivacIE
2014-08-06 05:15 - 2014-08-06 05:15 - 00000000 ____D () C:\Documents and Settings\MARY.MJABROAD\Application Data\AVG2014
2014-08-06 05:14 - 2014-08-06 05:14 - 00000803 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 05:14 - 2014-08-06 05:14 - 00000738 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Outlook Express.lnk
2014-08-06 05:14 - 2014-08-06 05:13 - 00000788 _____ () C:\Documents and Settings\MARY.MJABROAD\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 05:14 - 2005-10-04 23:35 - 00029918 ____C () C:\WINDOWS\wmsetup.log
2014-08-06 05:13 - 2014-08-06 01:18 - 00000178 ___SH () C:\Documents and Settings\Mary's Computer\ntuser.ini
2014-08-06 05:13 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer
2014-08-06 05:02 - 2010-08-29 14:01 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2014-08-06 03:04 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp
2014-08-06 03:03 - 2005-09-27 16:05 - 00000000 ____D () C:\Documents and Settings\Mary Butler\Skrivbord
2014-08-06 02:46 - 2014-08-06 02:46 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Macromedia
2014-08-06 01:58 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Avg2014
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\AVG
2014-08-06 01:44 - 2014-08-06 01:44 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 __SHD () C:\Documents and Settings\Mary's Computer\PrivacIE
2014-08-06 01:39 - 2014-08-06 01:39 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\Adobe
2014-08-06 01:31 - 2014-08-06 01:31 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\TuneUp Software
2014-08-06 01:23 - 2014-08-06 01:23 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\MFAData
2014-08-06 01:19 - 2014-08-06 01:19 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Local Settings\Application Data\Google
2014-08-06 01:18 - 2014-08-06 01:18 - 00000803 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Internet Explorer.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000788 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Windows Media Player.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000738 _____ () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Outlook Express.lnk
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Start Menu\Programs\Accessories
2014-08-06 01:18 - 2014-08-06 01:18 - 00000000 ____D () C:\Documents and Settings\Mary's Computer\Application Data\AVG2014
2014-08-06 01:04 - 2011-07-25 14:16 - 00001945 _____ () C:\WINDOWS\epplauncher.mif
2014-08-05 23:49 - 2005-10-04 23:58 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-08-05 23:48 - 2005-10-04 23:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-08-05 23:33 - 2014-08-05 22:28 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:33 - 2014-08-05 22:28 - 00000000 __SHD () C:\Documents and Settings\All Users.WINDOWS\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Second Life
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Second Life
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\American Airlines TravelDesk
2014-08-05 23:31 - 2010-06-17 21:27 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\American Airlines TravelDesk
2014-08-05 22:59 - 2014-08-05 22:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:59 - 2014-08-05 22:24 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001745 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 1-Click Maintenance.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00001739 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:58 - 2014-08-05 22:58 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG
2014-08-05 22:57 - 2014-08-05 22:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG
2014-08-05 22:54 - 2014-08-05 22:01 - 00000000 ____D () C:\Program Files\AVG
2014-08-05 22:52 - 2014-08-05 22:52 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-08-05 22:12 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-08-05 22:10 - 2014-08-05 22:10 - 00810198 _____ () C:\Documents and Settings\Administrator\Desktop\AVGInstLog.cab
2014-08-05 22:07 - 2014-08-05 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:07 - 2014-08-05 22:03 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2014
2014-08-05 22:05 - 2014-08-05 22:05 - 00000702 _____ () C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2014.lnk
2014-08-05 22:05 - 2014-08-05 22:05 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-08-05 22:03 - 2014-08-05 22:03 - 00000000 ___HD () C:\$AVG
2014-08-05 21:39 - 2014-08-05 21:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
2014-08-04 17:49 - 2010-06-01 17:40 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\888poker
2014-07-28 19:48 - 2012-05-08 21:43 - 00000000 ____D () C:\Documents and Settings\mary
2014-07-28 19:48 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\NetworkService.NT AUTHORITY
2014-07-28 19:48 - 2005-10-04 23:57 - 00000000 ____D () C:\Documents and Settings\LocalService.NT AUTHORITY
2014-07-28 19:47 - 2004-09-16 10:53 - 00000000 ____D () C:\WINDOWS\Registration
2014-07-27 13:26 - 2014-07-27 13:26 - 00000000 ____D () C:\WINDOWS\LastGood(3)
2014-07-27 13:25 - 2004-09-16 10:44 - 00000000 ____D () C:\WINDOWS\repair
2014-07-27 01:45 - 2014-07-27 01:41 - 00002048 _____ () C:\Documents and Settings\Administrator\My Documents\Backup.bkf
2014-07-24 22:18 - 2013-09-05 18:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 22:16 - 2013-09-05 18:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
2014-07-24 22:16 - 2013-09-05 18:46 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Microsoft Silverlight
2014-07-22 17:47 - 2013-04-20 16:57 - 00000000 ____D () C:\Program Files\PacificPoker
2014-07-19 16:08 - 2014-07-19 16:07 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 16:07 - 2011-05-14 16:41 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 16:07 - 2005-10-04 15:58 - 534855680 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-18 22:21 - 2014-07-18 22:21 - 00276848 _____ () C:\Documents and Settings\Administrator\Desktop\download.htm
2014-07-16 23:51 - 2014-07-16 23:53 - 00287423 _____ () C:\Documents and Settings\Administrator\Desktop\grandpa and his boys.htm
2014-07-16 22:59 - 2014-08-10 20:00 - 00002356 _____ () C:\Documents and Settings\MARY.MJABROAD\Desktop\Google Chrome.lnk
2014-07-16 22:59 - 2013-03-08 19:37 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-07-14 12:26 - 2014-08-05 22:58 - 00036152 _____ (AVG) C:\WINDOWS\system32\TURegOpt.exe
 
Some content of TEMP:
====================
C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp\{40B8EBF5-D49D-4208-B72E-5E38BFDAE85C}.exe
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\mpam-876bb297.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================
 
ADDITION.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by MARY at 2014-08-11 15:43:08
Running from C:\Documents and Settings\MARY.MJABROAD\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: PC Cleaner Pro (Disabled - Up to date) {737A8864-C2D9-4337-B49A-B5E35815B9BB}
AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 (Disabled) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888poker (HKLM\...\888poker) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - http://www.adobe.com)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0 - Adobe Systems, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (Version: 14.0.1001.519 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.519 - AVG)
AVG PC TuneUp 2014 (Version: 14.0.1001.519 - AVG) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.8.643 - AVG Technologies)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Photo Printer 720 Logger (HKLM\...\Dell Photo Printer 720 Logger) (Version: 1.0 - Dell)
Dr Watson for Microsoft Windows OneCare Live v1.1.1067.14 (Version: 1.1.1067.14 - Microsoft) Hidden
DSL-300 Family Configuration Utility (HKLM\...\DSL-300 Family Configuration Utility) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Java™ 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Little Registry Cleaner (HKLM\...\Little Registry Cleaner) (Version:  - Little Apps)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MemTurbo 4 (HKLM\...\{CD4D567E-44D7-4CDA-977D-C918D88FA3D9}_is1) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Automated Troubleshooting Services Shim (HKLM\...\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb) (Version:  - )
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSN (HKLM\...\MSNINST) (Version:  - )
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
SAMSUNG CDMA Modem Driver Set (HKLM\...\SAMSUNG CDMA Modem) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio (HKLM\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.0.1.60510 - Samsung Electronics Co., Ltd.)
Samsung PC Studio (Version: 3.0.0.60510 - Samsung Electronics Co., Ltd.) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB972636) (HKLM\...\KB972636-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951072-v2) (HKLM\...\KB951072-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB961503) (HKLM\...\KB961503) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vodafone 804SS USB driver Software (HKLM\...\Vodafone 804SS USB driver) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Internet Explorer 7 (Version: 20061027.150806 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - )
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
24-07-2014 07:29:39 Software Distribution Service 3.0
24-07-2014 14:35:17 Software Distribution Service 3.0
24-07-2014 14:41:04 Restore Operation
24-07-2014 20:13:58 Software Distribution Service 3.0
24-07-2014 21:52:44 Software Distribution Service 3.0
25-07-2014 05:13:43 Software Distribution Service 3.0
25-07-2014 11:52:17 Software Distribution Service 3.0
25-07-2014 12:14:44 Software Distribution Service 3.0
25-07-2014 13:11:15 Restore Operation
25-07-2014 13:14:43 Restore Operation
25-07-2014 13:33:32 Software Distribution Service 3.0
25-07-2014 21:33:01 Software Distribution Service 3.0
25-07-2014 22:57:36 Software Distribution Service 3.0
26-07-2014 05:54:55 Software Distribution Service 3.0
26-07-2014 06:58:32 Restore Operation
26-07-2014 07:01:36 Restore Operation
26-07-2014 20:40:04 Software Distribution Service 3.0
26-07-2014 22:32:07 Restore Operation
26-07-2014 22:45:12 Restore Operation
26-07-2014 23:49:14 Restore Operation
26-07-2014 23:58:36 Software Distribution Service 3.0
27-07-2014 11:10:46 Restore Operation
27-07-2014 11:23:16 Restore Operation
27-07-2014 11:28:19 Restore Operation
27-07-2014 12:09:23 Software Distribution Service 3.0
27-07-2014 13:57:08 Software Distribution Service 3.0
27-07-2014 20:20:26 Software Distribution Service 3.0
28-07-2014 02:12:36 Software Distribution Service 3.0
28-07-2014 06:54:05 Software Distribution Service 3.0
28-07-2014 15:29:48 Restore Operation
28-07-2014 15:35:42 Software Distribution Service 3.0
28-07-2014 16:38:07 Software Distribution Service 3.0
28-07-2014 17:13:31 Restore Operation
28-07-2014 17:23:31 Restore Operation
28-07-2014 17:24:03 Restore Operation
28-07-2014 17:46:19 Restore Operation
28-07-2014 18:01:36 Software Distribution Service 3.0
28-07-2014 18:24:37 Software Distribution Service 3.0
28-07-2014 20:34:15 Software Distribution Service 3.0
29-07-2014 05:49:41 Software Distribution Service 3.0
29-07-2014 07:21:21 Software Distribution Service 3.0
29-07-2014 12:37:47 Software Distribution Service 3.0
29-07-2014 19:05:03 Software Distribution Service 3.0
29-07-2014 19:15:34 Restore Operation
29-07-2014 19:21:23 Restore Operation
29-07-2014 19:26:38 Restore Operation
29-07-2014 20:44:55 Software Distribution Service 3.0
30-07-2014 03:30:22 Software Distribution Service 3.0
30-07-2014 07:30:16 Software Distribution Service 3.0
30-07-2014 20:21:36 Software Distribution Service 3.0
31-07-2014 00:25:28 Software Distribution Service 3.0
31-07-2014 02:41:25 Software Distribution Service 3.0
31-07-2014 20:05:05 Software Distribution Service 3.0
01-08-2014 05:36:45 Software Distribution Service 3.0
01-08-2014 05:59:43 Software Distribution Service 3.0
01-08-2014 07:19:32 Software Distribution Service 3.0
01-08-2014 14:18:49 Software Distribution Service 3.0
01-08-2014 19:55:05 Software Distribution Service 3.0
01-08-2014 23:25:36 Software Distribution Service 3.0
02-08-2014 01:01:54 Software Distribution Service 3.0
02-08-2014 01:15:53 Software Distribution Service 3.0
02-08-2014 03:53:01 Software Distribution Service 3.0
02-08-2014 08:06:11 Software Distribution Service 3.0
02-08-2014 08:14:38 Software Distribution Service 3.0
02-08-2014 16:37:06 Software Distribution Service 3.0
02-08-2014 16:42:15 Restore Operation
02-08-2014 19:44:39 Software Distribution Service 3.0
03-08-2014 01:05:28 Software Distribution Service 3.0
03-08-2014 01:31:10 Software Distribution Service 3.0
03-08-2014 07:52:12 Software Distribution Service 3.0
03-08-2014 11:25:31 Software Distribution Service 3.0
03-08-2014 12:50:33 Software Distribution Service 3.0
03-08-2014 14:10:38 Software Distribution Service 3.0
03-08-2014 16:47:29 Restore Operation
03-08-2014 16:48:43 Software Distribution Service 3.0
03-08-2014 20:28:41 Software Distribution Service 3.0
03-08-2014 22:09:06 Software Distribution Service 3.0
04-08-2014 01:00:30 Software Distribution Service 3.0
04-08-2014 01:43:43 Software Distribution Service 3.0
04-08-2014 02:35:06 Software Distribution Service 3.0
04-08-2014 07:45:15 Software Distribution Service 3.0
04-08-2014 16:05:18 Software Distribution Service 3.0
05-08-2014 19:16:19 Software Distribution Service 3.0
05-08-2014 20:01:50 Installed AVG 2014
05-08-2014 20:02:40 Installed AVG 2014
05-08-2014 20:53:41 Installed AVG PC TuneUp 2014
06-08-2014 01:05:43 Software Distribution Service 3.0
06-08-2014 03:23:15 Restore Operation
06-08-2014 03:54:33 Restore Operation
06-08-2014 03:59:14 Restore Operation
06-08-2014 05:32:45 Software Distribution Service 3.0
06-08-2014 12:42:21 Software Distribution Service 3.0
08-08-2014 12:23:12 System Checkpoint
08-08-2014 19:04:26 Software Distribution Service 3.0
09-08-2014 01:01:38 Software Distribution Service 3.0
09-08-2014 01:53:20 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 14:00 - 2014-08-11 15:15 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ConfigExec.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\DataUpload.job => C:\Program Files\Microsoft Fix it Center\MatsApi.dll
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2146843231-725345543-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{7D0F0C55-E4E8-48A5-8365-85495DCEA754}.job => C:\WINDOWS\system32\msfeedssync.exe
 
==================== Loaded Modules (whitelisted) =============
 
2003-07-29 16:27 - 2003-07-29 16:27 - 00078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBCPP5C.dll
2014-08-08 17:38 - 2014-08-08 17:37 - 01645592 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2014-08-08 17:38 - 2014-08-08 17:37 - 02571288 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-08-08 17:38 - 2014-08-08 17:37 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\log4cplusU.dll
2014-07-14 12:26 - 2014-07-14 12:26 - 00357176 _____ () C:\Program Files\AVG\AVG PC TuneUp\tuavgx.dll
2014-08-08 17:38 - 2014-08-08 17:36 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.8\loggingserver.exe
2004-08-04 14:00 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 14:00 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 08537928 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 00353096 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 22:59 - 2014-07-15 11:24 - 01732936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65225340.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65225340.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/11/2014 03:24:28 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
Error: (08/11/2014 03:24:26 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
Error: (08/11/2014 03:20:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/11/2014 02:28:09 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 1180947459.
 
Error: (08/11/2014 02:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/11/2014 02:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/11/2014 11:10:18 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
Error: (08/11/2014 11:10:16 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
Error: (08/11/2014 10:49:49 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
Error: (08/11/2014 10:49:47 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80070422
.
 
 
System errors:
=============
Error: (08/11/2014 03:26:08 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/11/2014 03:24:28 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
Error: (08/11/2014 03:24:26 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
Error: (08/11/2014 00:46:26 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{8843B4A2-A3CB-4CB9-9CCE-F443F641009F}
 
Error: (08/11/2014 11:12:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (08/11/2014 11:10:18 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
Error: (08/11/2014 11:10:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
Error: (08/11/2014 11:04:25 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
 
Error: (08/11/2014 11:03:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.
 
Error: (08/11/2014 10:49:49 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MatSvc with arguments ""
in order to run the server:
{109DB0ED-7C89-416B-AC66-6D0323941464}
 
 
Microsoft Office Sessions:
=========================
Error: (08/11/2014 03:24:28 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
Error: (08/11/2014 03:24:26 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
Error: (08/11/2014 03:20:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/11/2014 02:28:09 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 1180947459
 
Error: (08/11/2014 02:26:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/11/2014 02:05:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000
 
Error: (08/11/2014 11:10:18 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
Error: (08/11/2014 11:10:16 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
Error: (08/11/2014 10:49:49 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
Error: (08/11/2014 10:49:47 AM) (Source: MatSvc) (EventID: 15) (User: )
Description: hr=0x80070422
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 83%
Total physical RAM: 509.98 MB
Available physical RAM: 84.54 MB
Total Pagefile: 1245.16 MB
Available Pagefile: 379.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.46 GB) (Free:44.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 11B10323)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
==================== End Of Log ============================
 
-END-


#30 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,219 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 August 2014 - 08:58 AM

I am removing Enigma because its not the best of programs

 

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)
 

Start
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
C:\Documents and Settings\MARY.MJABROAD\Local Settings\Temp\{40B8EBF5-D49D-4208-B72E-5E38BFDAE85C}.exe
Hosts:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Then open FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 
 
====================================================
 
 
Then reboot and give Combofix another go


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users