
Older Computer - Crippled by possible virus


  • This topic is locked
3 replies to this topic

#1 Bobbert

  • Members
  • 24 posts

Posted 20 June 2015 - 11:12 PM

So an older coworker of mine has this old computer. She wanted me to fix it because it was showing weird prompts and some other issues. When I first got it I had noticed that AVG 2013 was installed and had to then proceed to install the 2015 version so everything was up to date, and then I was going to start my normal "fix-it" procedures... But this is where things got weird pretty quickly... AVG 2015 wouldn't properly install because the default Administrator account didn't have WRITE access to the \SOFTWARE\ area in the registry... I was able to give access to myself and install AVG, but that's when I noticed that the battle wasn't over...

To start... The Product Key that was used to install Windows is fraudulent, I guess... She bought this computer in 2009 and it hasn't seen an update since then. It's currently running Windows XP SP2. I tried getting SP3 to install but, like I said, it's a bad Product Key and therefore not a genuine copy of Windows XP... even though she bought it from the store? idk.

Anyway. Chrome works just fine on that machine but IE6 (not a typo) works... semi-fine (it will NOT connect to www.google.com; it will connect to anything else though).

AVG will NOT update at all. It claims that it cannot connect to the update server, but I can connect to the internet.

Malwarebytes WILL connect to their update servers and connect just fine. I ran a scan and it found a few malware applications and PUPs and I removed them.

I also ran ESET Online Scanner and that found a few more items and I removed those.

Nothing I do though helps the AVG internet connection issue. This issue is also present in the Windows "internet checker/diagnostics tool?" that you can run from IE6 (Tools -> Diagnose internet issues). And when using MSN Messenger the issue is present.

I had a thought too that maybe the Hosts file was messed up, and it was: it had probably 3000 elements listed within it, all pointing to 127.0.0.1, and they were all porn/malware/spyware/random sites. I used a Microsoft Fixit tool and brought that back to normal. But again, no change.

Sort of at my wits' end.

Now... I know, I know, I should have waited for you guys, but I did run stand-alone ComboFix. What's really strange though is, after running it, Windows Update started working? But still, nothing fixed the internet issue.


FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015
Ran by Administrator (administrator) on EXPERIENCE on 20-06-2015 23:48:18
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\WINDOWS\system32\netdde.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
() C:\Program Files\bin32\nSvcAppFlt.exe
() C:\Program Files\bin32\nSvcIp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16860672 2007-12-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [49152 2006-04-13] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-436374069-1078145449-725345543-500\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1694208 2006-09-17] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-436374069-1078145449-725345543-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/ie
HKU\S-1-5-21-436374069-1078145449-725345543-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-436374069-1078145449-725345543-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-1078145449-725345543-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-21] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-21] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-436374069-1078145449-725345543-500 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1374406726468
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tevmdgp0.default
FF Homepage: www.msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2009-07-17] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-21] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-21]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-17]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-05] (AVG Technologies CZ, s.r.o.)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\bin32\nSvcAppFlt.exe [598016 2008-01-29] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-07-21] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\bin32\nSvcIp.exe [163840 2008-01-29] () [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [167936 2006-10-01] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2445112 2015-05-15] (AVG Technologies)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2009-09-28] (Meetinghouse Data Communications) [File not signed]
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 BIOS; C:\WINDOWS\system32\drivers\BIOS.sys [13696 2005-03-16] (BIOSTAR Group) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-20] (Malwarebytes Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54016 2008-01-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [30880 2007-12-11] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-01-29] (NVIDIA Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2006-10-01] ()
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [360576 2006-10-01] (Microsoft Corporation) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [12320 2015-05-15] (TuneUp Software)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
S3 rt2870; system32\DRIVERS\rt2870.sys [X]
S2 Scutum50; System32\Drivers\Scutum50.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 23:47 - 2015-06-20 23:48 - 00000000 ____D C:\FRST
2015-06-20 23:42 - 2015-06-20 23:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TeamViewer
2015-06-20 23:38 - 2015-06-20 23:49 - 00024071 _____ C:\WINDOWS\svcpack.log
2015-06-20 23:38 - 2015-06-20 23:49 - 00000000 ____D C:\WINDOWS\system32\CatRoot_bak
2015-06-20 23:36 - 2015-06-20 23:37 - 00007120 _____ C:\WINDOWS\KB929969.log
2015-06-20 23:33 - 2015-06-20 23:33 - 00000000 ____D C:\WINDOWS\LastGood
2015-06-20 23:27 - 2015-06-20 23:27 - 00000000 ____D C:\RegBackup
2015-06-20 23:21 - 2015-06-20 23:21 - 00006088 _____ C:\WINDOWS\KB961503.log
2015-06-20 23:20 - 2015-06-20 23:20 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Received Files
2015-06-20 23:12 - 2015-06-20 23:12 - 00000000 ____D C:\WINDOWS\system32\xircom
2015-06-20 23:12 - 2015-06-20 23:12 - 00000000 ____D C:\Program Files\xerox
2015-06-20 23:12 - 2015-06-20 23:12 - 00000000 ____D C:\Program Files\microsoft frontpage
2015-06-20 23:09 - 2015-06-20 23:11 - 00000000 ____D C:\AdwCleaner
2015-06-20 23:05 - 2015-06-20 23:05 - 00011520 _____ C:\ComboFix.txt
2015-06-20 23:05 - 2015-06-20 23:05 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-06-20 23:05 - 2015-06-20 23:05 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-06-20 23:05 - 2015-06-20 23:05 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\temp
2015-06-20 22:35 - 2015-06-20 22:35 - 00000000 _RSHD C:\cmdcons
2015-06-20 22:35 - 2011-01-22 07:42 - 00000211 _____ C:\Boot.bak
2015-06-20 22:35 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-06-20 22:31 - 2015-06-20 23:05 - 00000000 ____D C:\ComboFix
2015-06-20 22:31 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-06-20 22:31 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-06-20 22:31 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-06-20 22:31 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-06-20 22:30 - 2015-06-20 23:05 - 00000000 ____D C:\Qoobox
2015-06-20 22:29 - 2015-06-20 23:03 - 00000000 ____D C:\WINDOWS\erdnt
2015-06-20 21:07 - 2015-06-20 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\QuickScan
2015-06-20 20:13 - 2015-06-20 20:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-20 20:13 - 2015-06-20 20:13 - 00000000 _____ C:\WINDOWS\setupact.log
2015-06-20 19:56 - 2015-06-20 19:56 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2015-06-20 19:10 - 2015-06-20 19:42 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-20 19:09 - 2015-06-20 19:09 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-20 19:09 - 2015-06-20 19:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-20 19:09 - 2015-06-20 19:09 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-20 19:09 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-20 19:08 - 2015-06-20 19:09 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2015-06-20 18:41 - 2015-06-20 18:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2015-06-20 17:47 - 2015-06-20 23:11 - 00065536 _____ C:\WINDOWS\system32\config\TuneUp.evt
2015-06-20 17:47 - 2015-06-20 17:47 - 00001745 _____ C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-06-20 17:47 - 2015-06-20 17:47 - 00001745 _____ C:\Documents and Settings\All Users\Desktop\AVG 1-Click Maintenance.lnk
2015-06-20 17:47 - 2015-06-20 17:47 - 00001739 _____ C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp 2015.lnk
2015-06-20 17:47 - 2015-06-20 17:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp 2015
2015-06-20 17:47 - 2015-05-15 10:57 - 00037176 _____ (AVG Technologies) C:\WINDOWS\system32\TURegOpt.exe
2015-06-20 17:46 - 2015-06-20 17:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG
2015-06-20 17:45 - 2015-06-20 17:45 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-06-20 17:38 - 2015-06-20 17:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG
2015-06-20 16:14 - 2015-06-20 16:14 - 00000364 _____ C:\WINDOWS\nsw.log
2015-06-20 16:12 - 2015-06-20 16:12 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2015-06-17 19:14 - 2015-06-20 17:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg
2015-06-17 19:14 - 2015-06-17 19:14 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Avg
2015-06-17 19:07 - 2015-06-17 19:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Powertoys for Windows XP
2015-06-17 19:07 - 2003-06-25 11:05 - 00266360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TweakUI.exe
2015-06-17 17:45 - 2015-06-17 17:45 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Sun
2015-06-17 17:45 - 2015-06-17 17:45 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\Sun
2015-06-17 17:42 - 2015-06-17 17:42 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\MFAData
2015-06-17 17:39 - 2015-06-17 19:08 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2015-06-17 17:39 - 2015-06-17 19:08 - 00000000 ____D C:\Documents and Settings\Admin
2015-06-17 17:39 - 2015-06-17 17:39 - 00000792 _____ C:\Documents and Settings\Admin\Start Menu\Programs\Windows Media Player.lnk
2015-06-17 17:39 - 2015-06-17 17:39 - 00000767 _____ C:\Documents and Settings\Admin\Start Menu\Programs\Internet Explorer.lnk
2015-06-17 17:39 - 2015-06-17 17:39 - 00000738 _____ C:\Documents and Settings\Admin\Start Menu\Programs\Outlook Express.lnk
2015-06-17 17:39 - 2015-06-17 17:39 - 00000000 ___RD C:\Documents and Settings\Admin\Start Menu\Programs\Accessories
2015-06-17 17:39 - 2015-06-17 17:39 - 00000000 ____D C:\Documents and Settings\Admin\Start Menu\Programs\CyberLink PowerDVD
2015-06-17 17:39 - 2015-06-17 17:39 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Google
2015-06-17 17:39 - 2015-06-17 17:39 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Avg2015
2015-06-17 17:39 - 2015-06-17 17:39 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\AVG2015
2015-06-17 17:39 - 2013-07-21 08:22 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\Macromedia
2015-06-17 17:39 - 2012-12-11 18:41 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\TuneUp Software
2015-06-17 17:39 - 2008-10-04 02:29 - 00001599 _____ C:\Documents and Settings\Admin\Start Menu\Programs\Remote Assistance.lnk
2015-06-17 17:39 - 2008-10-04 02:29 - 00000786 _____ C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
2015-06-17 17:39 - 2008-10-03 15:13 - 00001684 _____ C:\Documents and Settings\Admin\Desktop\CyberLink PowerDVD.lnk
2015-06-17 17:39 - 2006-10-01 08:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-06-17 17:33 - 2015-06-17 17:33 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2015-06-17 16:52 - 2015-06-17 16:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2015
2015-06-17 16:47 - 2015-06-17 19:17 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-17 16:44 - 2015-06-17 16:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-06-17 16:40 - 2015-06-17 16:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-06-17 16:31 - 2015-06-17 16:31 - 00000000 ____D C:\Documents and Settings\Administrator\Tracing
2015-06-02 08:03 - 2015-06-02 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-20 23:49 - 2011-01-22 08:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-20 23:49 - 2008-10-04 02:31 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-20 23:49 - 2008-10-04 02:27 - 01191132 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-20 23:39 - 2008-10-04 03:16 - 00632954 _____ C:\WINDOWS\setupapi.log
2015-06-20 23:38 - 2013-07-21 08:10 - 00013251 _____ C:\WINDOWS\KB980218.log
2015-06-20 23:37 - 2013-07-21 08:10 - 00024380 _____ C:\WINDOWS\KB952954.log
2015-06-20 23:37 - 2013-07-21 08:10 - 00024057 _____ C:\WINDOWS\KB960859.log
2015-06-20 23:37 - 2013-07-21 08:09 - 00023213 _____ C:\WINDOWS\KB950974.log
2015-06-20 23:37 - 2013-07-21 08:09 - 00012495 _____ C:\WINDOWS\KB978037.log
2015-06-20 23:37 - 2013-07-21 08:08 - 00013266 _____ C:\WINDOWS\KB960225.log
2015-06-20 23:37 - 2013-07-21 08:07 - 00013109 _____ C:\WINDOWS\KB961501.log
2015-06-20 23:37 - 2013-07-21 08:07 - 00013022 _____ C:\WINDOWS\KB975025.log
2015-06-20 23:37 - 2013-07-21 08:06 - 00023127 _____ C:\WINDOWS\KB952004.log
2015-06-20 23:37 - 2013-07-21 08:05 - 00020740 _____ C:\WINDOWS\KB979559.log
2015-06-20 23:37 - 2013-07-21 08:05 - 00012614 _____ C:\WINDOWS\KB977816.log
2015-06-20 23:37 - 2013-07-21 08:04 - 00019725 _____ C:\WINDOWS\KB967715.log
2015-06-20 23:37 - 2013-07-21 08:03 - 00012070 _____ C:\WINDOWS\KB977914.log
2015-06-20 23:37 - 2013-07-21 08:00 - 00020388 _____ C:\WINDOWS\KB978542.log
2015-06-20 23:37 - 2013-07-21 08:00 - 00020080 _____ C:\WINDOWS\KB970238.log
2015-06-20 23:37 - 2013-07-21 07:58 - 00011983 _____ C:\WINDOWS\KB979482.log
2015-06-20 23:36 - 2013-07-21 07:56 - 00011926 _____ C:\WINDOWS\KB978706.log
2015-06-20 23:36 - 2013-07-21 07:38 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2015-06-20 23:35 - 2008-10-04 03:18 - 00458340 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-20 23:30 - 2013-07-21 07:28 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 23:30 - 2008-10-04 02:45 - 00000536 _____ C:\RTHDCPL_Dump.txt
2015-06-20 23:30 - 2008-10-04 02:43 - 00160101 _____ C:\WINDOWS\system32\nvapps.xml
2015-06-20 23:30 - 2008-10-04 02:31 - 00032552 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-20 23:30 - 2008-10-04 02:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-20 23:27 - 2013-07-21 07:28 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 23:24 - 2013-07-21 08:08 - 00012534 _____ C:\WINDOWS\KB971657.log
2015-06-20 23:24 - 2013-07-21 08:04 - 00010422 _____ C:\WINDOWS\KB974392.log
2015-06-20 23:24 - 2013-07-21 08:02 - 00019484 _____ C:\WINDOWS\KB951748.log
2015-06-20 23:23 - 2013-07-21 08:10 - 00022072 _____ C:\WINDOWS\KB959426.log
2015-06-20 23:23 - 2013-07-21 08:08 - 00011201 _____ C:\WINDOWS\KB974112.log
2015-06-20 23:23 - 2013-07-21 08:06 - 00010855 _____ C:\WINDOWS\KB974571.log
2015-06-20 23:22 - 2013-07-21 08:09 - 00022492 _____ C:\WINDOWS\KB969059.log
2015-06-20 23:22 - 2013-07-21 08:09 - 00012952 _____ C:\WINDOWS\KB974318.log
2015-06-20 23:22 - 2013-07-21 08:08 - 00020895 _____ C:\WINDOWS\KB975713.log
2015-06-20 23:22 - 2013-07-21 08:08 - 00012455 _____ C:\WINDOWS\KB978338.log
2015-06-20 23:22 - 2013-07-21 08:06 - 00011787 _____ C:\WINDOWS\KB973507.log
2015-06-20 23:22 - 2013-07-21 07:50 - 00010885 _____ C:\WINDOWS\KB960803.log
2015-06-20 23:21 - 2013-07-21 07:49 - 00010712 _____ C:\WINDOWS\KB973815.log
2015-06-20 23:21 - 2013-07-21 07:41 - 00018574 _____ C:\WINDOWS\KB968389.log
2015-06-20 23:21 - 2006-10-01 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-20 23:20 - 2013-07-21 07:48 - 00010160 _____ C:\WINDOWS\KB971032.log
2015-06-20 23:20 - 2013-07-21 07:46 - 00017859 _____ C:\WINDOWS\KB975562.log
2015-06-20 23:20 - 2013-07-21 07:43 - 00017675 _____ C:\WINDOWS\KB956802.log
2015-06-20 23:20 - 2013-07-21 07:42 - 00011196 _____ C:\WINDOWS\KB978601.log
2015-06-20 23:20 - 2013-07-21 07:38 - 00010863 _____ C:\WINDOWS\KB979309.log
2015-06-20 23:19 - 2013-07-21 07:42 - 00010609 _____ C:\WINDOWS\KB944338-v2.log
2015-06-20 23:19 - 2013-07-21 07:41 - 00010132 _____ C:\WINDOWS\KB975467.log
2015-06-20 23:13 - 2008-10-05 07:19 - 00041968 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-20 23:12 - 2008-10-04 03:08 - 00000000 ____D C:\WINDOWS\ime
2015-06-20 23:11 - 2008-10-04 02:31 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-20 23:11 - 2008-10-04 02:31 - 00000000 ____D C:\Documents and Settings\Administrator
2015-06-20 23:02 - 2006-10-01 08:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-06-20 22:35 - 2008-10-04 03:11 - 00000327 __RSH C:\boot.ini
2015-06-20 20:14 - 2008-10-04 03:18 - 00054982 _____ C:\WINDOWS\iis6.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00022568 _____ C:\WINDOWS\ocgen.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00018374 _____ C:\WINDOWS\comsetup.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00018360 _____ C:\WINDOWS\FaxSetup.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00014843 _____ C:\WINDOWS\tsoc.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00009717 _____ C:\WINDOWS\ntdtcsetup.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00004382 _____ C:\WINDOWS\netfxocm.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00002206 _____ C:\WINDOWS\MedCtrOC.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00001917 _____ C:\WINDOWS\imsins.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00001563 _____ C:\WINDOWS\tabletoc.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00001354 _____ C:\WINDOWS\ocmsn.log
2015-06-20 20:14 - 2008-10-04 03:18 - 00001350 _____ C:\WINDOWS\msgsocm.log
2015-06-20 20:13 - 2008-10-04 03:18 - 00012184 _____ C:\WINDOWS\msmqinst.log
2015-06-20 19:48 - 2006-10-01 08:00 - 00000021 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2015-06-20 19:38 - 2008-10-04 03:22 - 00000216 _____ C:\WINDOWS\wiadebug.log
2015-06-20 19:09 - 2013-07-21 08:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-20 19:08 - 2013-07-21 08:32 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-06-20 18:49 - 2008-10-04 03:22 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-20 18:12 - 2008-10-03 15:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 8.5
2015-06-20 17:52 - 2008-10-04 03:08 - 00000000 ____D C:\WINDOWS\security
2015-06-20 17:42 - 2008-10-03 15:07 - 00000000 ____D C:\Program Files\AVG
2015-06-20 17:26 - 2008-10-04 03:08 - 00000000 ____D C:\WINDOWS\system32\ias
2015-06-17 19:20 - 2008-10-04 03:12 - 00189792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-17 19:17 - 2014-11-20 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-06-17 19:16 - 2011-01-22 13:06 - 00000000 ____D C:\$AVG
2015-06-17 17:39 - 2008-10-04 02:25 - 00001922 _____ C:\WINDOWS\wmsetup.log
2015-06-17 17:29 - 2013-07-21 07:29 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-03 06:24 - 2013-07-21 08:21 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 07:27 - 2008-10-04 03:17 - 00000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

And don't be mad :unsure: but here is the ComboFix log:

ComboFix 15-06-18.01 - Administrator 06/20/2015  22:52:33.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.156 [GMT -4:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\013324b18af3e457.fb
c:\windows\system32\Cache\02938e60ba3e207a.fb
c:\windows\system32\Cache\0b30e6e2a3858c33.fb
c:\windows\system32\Cache\190b0398ba953018.fb
c:\windows\system32\Cache\1ba49165d2a6bbaa.fb
c:\windows\system32\Cache\24382e0116e69e71.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2ca028eaac140f2e.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\58d8e75baf0b626a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d5ecea0a64fc6c1e.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\db3aa80a743e7e60.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
.
.
(((((((((((((((((((((((((   Files Created from 2015-05-21 to 2015-06-21  )))))))))))))))))))))))))))))))
.
.
2015-06-21 01:10 . 2015-06-21 01:10	--------	d-----w-	c:\program files\ESET
2015-06-20 23:10 . 2015-06-20 23:42	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-20 23:09 . 2015-06-20 23:09	--------	d-----w-	c:\program files\Malwarebytes Anti-Malware
2015-06-20 23:09 . 2015-04-14 13:37	120024	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-06-20 22:41 . 2015-06-20 22:41	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2015-06-20 21:47 . 2015-05-15 14:57	37176	----a-w-	c:\windows\system32\TURegOpt.exe
2015-06-20 21:45 . 2015-06-20 21:45	--------	d--h--w-	c:\windows\system32\GroupPolicy
2015-06-20 21:38 . 2015-06-20 21:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\AVG
2015-06-20 20:12 . 2015-06-20 20:12	--------	d-----w-	c:\windows\system32\LogFiles
2015-06-17 23:07 . 2003-06-25 15:05	266360	----a-w-	c:\windows\system32\TweakUI.exe
2015-06-17 21:39 . 2015-06-17 21:39	--------	d-----w-	c:\windows\system32\dllcache
2015-06-17 21:39 . 2006-10-01 12:00	221184	----a-w-	c:\windows\system32\wmpns.dll
2015-06-17 21:39 . 2015-06-17 23:08	--------	d-----w-	c:\documents and settings\Admin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-19 08:57 . 2015-05-19 08:57	213472	----a-w-	c:\windows\system32\drivers\avgidsdriverlx.sys
2015-05-14 12:49 . 2013-03-01 09:32	29664	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2015-05-12 13:46 . 2010-11-12 13:19	213984	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2015-05-12 13:45 . 2013-02-08 03:37	190944	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2015-05-12 13:45 . 2010-09-07 03:48	169440	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2015-05-07 12:52 . 2013-02-08 03:37	290272	----a-w-	c:\windows\system32\drivers\avglogx.sys
2015-04-15 12:05 . 2010-12-08 04:12	206816	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2015-04-14 13:37 . 2013-07-21 12:32	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2006-10-01 . C7BE59B07C6EB74BEA6FD67C1B164015 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-19 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-19 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-06-05 3727824]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-03-19 16:04	1630208	----a-w-	c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57	30208	------w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AVG-Secure-Search-Update_0913a"=c:\documents and settings\Administrator\Application Data\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 31e812fb345ef04c16d54d00d4056553-ad1491be2ce6c122f6b66faa90e70c2decf7d34c --CMPID 0913a
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG PC TuneUp\\Integrator.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/7/2013 11:37 PM 190944]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/7/2013 11:37 PM 290272]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/6/2010 11:48 PM 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [3/11/2015 7:13 AM 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [5/19/2015 4:57 AM 213472]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 5:32 AM 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 12:12 AM 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 9:19 AM 213984]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/4/2008 2:40 AM 13696]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [6/5/2015 11:24 AM 312816]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [5/15/2015 10:57 AM 2445112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/21/2013 8:32 AM 23256]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [5/15/2015 8:16 AM 12320]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [6/5/2015 11:32 AM 3461072]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [6/20/2015 7:09 PM 1080120]
S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [6/20/2015 7:10 PM 119512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-06-17 21:28	986440	----a-w-	c:\program files\Google\Chrome\Application\43.0.2357.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-21 11:28]
.
2015-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-21 11:28]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tevmdgp0.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-Spyware Protection - c:\documents and settings\Administrator\Application Data\defender.exe
MSConfigStartUp-xmwlfvlr - c:\documents and settings\Administrator\Local Settings\Application Data\hbbqqcjhp\yrxcvartssd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-06-20 23:02
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2015-06-20  23:05:03
ComboFix-quarantined-files.txt  2015-06-21 03:05
.
Pre-Run: 30,748,856,320 bytes free
Post-Run: 31,331,479,552 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ABC704F477CA42503146A223D749806D
8F558EB6672622401DA993E1E865C861


Edited by Bobbert, 20 June 2015 - 11:14 PM.



#2 Bobbert

  • Topic Starter
  • Members
  • 24 posts

Posted 20 June 2015 - 11:15 PM

I guess I can't modify and attach the file, but here's the Addition file from the FRST scan.

*** EDIT ***

Ok... Guess I can't attach any file...?

Anyway, here are the contents:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015
Ran by Administrator at 2015-06-20 23:50:04
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-436374069-1078145449-725345543-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-436374069-1078145449-725345543-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-436374069-1078145449-725345543-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-436374069-1078145449-725345543-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-436374069-1078145449-725345543-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6030 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6030 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (Version: 15.0.1001.518 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM\...\AVG PC TuneUp) (Version: 15.0.1001.518 - AVG Technologies)
AVG PC TuneUp 2015 (Version: 15.0.1001.518 - AVG Technologies) Hidden
Canon S330 (HKLM\...\CANONBJ_Deinstall_CNMCP45.DLL) (Version:  - )
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSN (HKLM\...\MSNINST) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6776 - NVIDIA Corporation)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.1702.0 - CyberLink Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5532 - Realtek Semiconductor Corp.)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Tweak UI (HKLM\...\Tweak UI 2.10) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

23-03-2015 14:41:50 System Checkpoint
26-03-2015 14:24:09 Removed AVG 2013
02-04-2015 12:59:58 System Checkpoint
07-04-2015 14:35:41 System Checkpoint
23-04-2015 05:40:18 System Checkpoint
24-04-2015 11:42:22 System Checkpoint
12-05-2015 12:46:21 System Checkpoint
14-05-2015 05:38:46 System Checkpoint
28-05-2015 06:23:39 System Checkpoint
02-06-2015 07:01:18 System Checkpoint
09-06-2015 13:04:15 System Checkpoint
13-06-2015 20:01:56 System Checkpoint
14-06-2015 20:17:07 System Checkpoint
15-06-2015 21:18:11 System Checkpoint
16-06-2015 22:17:06 System Checkpoint
17-06-2015 16:43:14 Installed AVG 2015
17-06-2015 16:43:41 Removed AVG 2013
17-06-2015 16:44:57 Installed AVG 2015
17-06-2015 16:50:07 Removed AVG 2013
18-06-2015 17:24:01 System Checkpoint
19-06-2015 18:37:57 System Checkpoint
20-06-2015 17:41:52 Installed AVG PC TuneUp 2015
20-06-2015 19:00:21 Installed Microsoft Fix it 50608
20-06-2015 20:32:30 Installed Microsoft Fix it 50267

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-10-01 08:00 - 2015-06-20 23:02 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-03-19 12:04 - 2008-03-19 12:04 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2008-10-03 15:13 - 2006-10-01 08:00 - 00167936 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2008-01-29 07:25 - 2008-01-29 07:25 - 00598016 _____ () C:\Program Files\bin32\nSvcAppFlt.exe
2008-01-29 07:17 - 2008-01-29 07:17 - 00102400 _____ () C:\Program Files\bin32\nv_common.dll
2008-01-29 07:18 - 2008-01-29 07:18 - 00454656 _____ () C:\Program Files\bin32\SpecialCase.dll
2008-01-29 07:24 - 2008-01-29 07:24 - 00163840 _____ () C:\Program Files\bin32\nSvcIp.exe
2008-04-14 05:42 - 2008-04-14 05:42 - 00438272 _____ () C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\spcompat.dll
2006-10-01 08:00 - 2006-10-01 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-10-01 08:00 - 2006-10-01 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-10-01 08:00 - 2006-10-01 08:00 - 01287680 _____ () C:\WINDOWS\system32\quartz.dll
2015-06-17 17:29 - 2015-06-05 14:22 - 15003464 _____ () C:\Program Files\Google\Chrome\Application\43.0.2357.124\PepperFlash\pepflashplayer.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-436374069-1078145449-725345543-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311T Smart Wizard.lnk => C:\WINDOWS\pss\NETGEAR WG311T Smart Wizard.lnkCommon Startup
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgui.exe] => Enabled:AVG 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger 
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG PC TuneUp\Integrator.exe] => Enabled:AVG PC TuneUp 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: {50127DC3-0F36-415E-A6CC-4CB3BE910B65}
Manufacturer: Advanced Micro Devices
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2015 06:57:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: EXPERIENCE)
Description: Product: Microsoft Fix it 50195 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (06/17/2015 07:12:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 07:12:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 06:23:50 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/17/2015 05:43:40 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/17/2015 05:31:00 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/17/2015 05:26:57 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/17/2015 04:51:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 04:51:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/03/2015 10:20:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (1316) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (06/20/2015 11:44:17 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000080 00000000 00000002 00000000

Error: (06/20/2015 11:44:17 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000868 041a0690 00000002 00000000

Error: (06/20/2015 11:44:03 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000080 00000000 00000002 00000000

Error: (06/20/2015 11:44:03 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000868 04000500 00000002 00000000

Error: (06/20/2015 11:42:52 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (06/20/2015 11:30:33 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000080 00000000 00000002 00000000

Error: (06/20/2015 11:30:33 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000868 03000400 00000002 00000000

Error: (06/20/2015 11:26:53 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000080 00000000 00000002 00000000

Error: (06/20/2015 11:26:53 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000868 03000400 00000002 00000000

Error: (06/20/2015 11:13:11 PM) (Source: 0) (EventID: 14) (User: )
Description: \Device\VideoPdo1CMDre 00000000 00000080 00000000 00000002 00000000


Microsoft Office:
=========================
Error: (06/20/2015 06:57:54 PM) (Source: MsiInstaller) (EventID: 10005) (User: EXPERIENCE)
Description: Product: Microsoft Fix it 50195 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)

Error: (06/17/2015 07:12:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 07:12:19 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 06:23:50 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (06/17/2015 05:43:40 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (06/17/2015 05:31:00 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (06/17/2015 05:26:57 PM) (Source: MsiInstaller) (EventID: 11406) (User: EXPERIENCE)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2015 -- Error 1406. SA_Error1406: StandardAction(0xC007057E): Could not write value CORE_ProdCode to key \SOFTWARE\AVG\AVG2015.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.(NULL)(NULL)(NULL)

Error: (06/17/2015 04:51:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/17/2015 04:51:57 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (06/03/2015 10:20:33 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost1316C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 Processor 4000+
Percentage of memory in use: 81%
Total physical RAM: 895.17 MB
Available physical RAM: 162.74 MB
Total Pagefile: 2167.98 MB
Available Pagefile: 1469.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.26 GB) (Free:28.16 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: B74510E2)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)

==================== End of log ============================

Edited by Bobbert, 20 June 2015 - 11:16 PM.


#3 HelpBot
Bleepin' Binary Bot


  • Bots
  • 12,549 posts

Posted 25 June 2015 - 11:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/580137 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot
Bleepin' Binary Bot


  • Bots
  • 12,549 posts

Posted 30 June 2015 - 11:20 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!
