
'Bad image' and not booting outside Safemode


If the title's vague, it's because that's all I can say about it.


So I've got an Acer Aspire One netbook that runs XP (can't afford to upgrade it yet); however, over the last few weeks it's gradually been slowing down since I reinstalled XP, but I thought this was just down to its age.


Two days ago I rebooted after doing a virus scan with AVG (free edition, obviously) and when it came back on, it was stuck on the loading screen for several minutes, until it just rebooted itself. And this process repeated until I force shut it down. Doing so I tried to look into booting with safe mode, which whilst still really slow, actually did work, but from there I still can't find what was causing it. Removing the auto-failed restart, I found the 'bad image' error message blue screened.


Adding insult to injury, I am actually booting it up to find the 'bad image' error message and tell what it is exactly, but of course it actually boots up to the login screen for once (typical, huh?), although thankfully it gave the same error message on a blue screen. However, as far as I can tell, it's the same error I get when I've tried to load up AVG to do another scan: "The application or DLL c:\program files\AVG\AVG2014\avgntopensslx.dll is not a valid Windows image." That is the same as what would come up on the blue screen. At the same time, no matter what I'm doing I cannot uninstall or remove this AVG just to reinstall it fresh, so I'm guessing if something's got into the computer, it's hiding in those files.



Can you boot into safe mode with networking?


You can try the below but no idea if it will stop the bad image errors.

There is an AVG uninstall tool that might work here: http://www.avg.com/us-en/utilities

Scroll down to your version.


There is a high likelihood it won't work. In that event, try the following.

Please download and install Revo Uninstaller Free

  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on AVG antivirus.
  • When prompted whether you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.
If the above is successful you'll need a different antivirus on the machine.

Microsoft Security Essentials


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 6 different versions. If one of them won't run, download and try to run another one.

Vista and Win7 users need to right-click and choose Run as Admin.

You only need to get one of them to run, not all of them.


Alright, I deeply apologise for posting that I wanted help and then sort of vanishing like that. Personal stuff just took me much longer than it really should have, but it was still unavoidable and I haven't even been at any computer or able to get to one at all.


But I'm going to be free after tomorrow, and I'll be making sure I'm back.


So, away from my half-baked apologies: I ran Revo. It went a little unusually, because it started running the actual AVG uninstaller and wouldn't 'scan' (or whatever it does anyway), but after retrying it started to work, and everything related to AVG is deleted. I just restarted like the program told me. I also already had another antivirus; I'll be reinstalling completely in a few weeks, so I got Norton full on its 30-day trial. Restarting took a heck of a long time anyway and the system's still pretty slow, but I didn't need to go through safe mode. So that's good, right?


Not having to boot into safe mode to get onto your computer sounds much better.


Please download Farbar Recovery Scan Tool

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

(use correct version for your system.....Which system am I using?)

and Tutorial http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
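The helper above asks for FRST.txt so the thread can be read line by line for leftovers and hijacked settings. As an added example (not part of any post in this thread, and not code from the FRST tool itself), the script below parses the line formats FRST writes for Run keys, services/drivers and browser search settings and flags what a removal helper checks first: service entries whose binary is gone (FRST prints `[X]` after the path, which is what an incompletely removed product leaves behind), Run entries with an empty `()` publisher field, search/homepage URLs whose host is on a watch list, and anything FRST itself marks `<==== ATTENTION`. `WATCH_DOMAINS`, `SAMPLE_LINES` and every function name are constructed for this example.

```python
"""Triage of FRST-style log lines (added example; not FRST's own code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed watch list of search-hijacker hosts for the example.
WATCH_DOMAINS = {"start.mysearchdial.com", "mysearch.avg.com"}

# Service/driver line: start type, name, remainder (path [size date] (Publisher) or [X])
SERVICE_RE = re.compile(r"^[RSU]\d\s+([^;]+);\s*(.*)$")
# Run / RunOnce line: HKLM\...\Run: [name] => path [size date] (Publisher)
RUN_RE = re.compile(r"^HK\S*?\\\.\.\.\\Run(?:Once)?:\s+\[([^\]]+)\]\s+(?:=>|-)\s+(.*)$")
# FRST defangs URLs as hxxp://; accept both spellings and capture only the host
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s?\"']+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # attention | missing_service_binary | run_no_publisher | watchlisted_url
    detail: str


def triage(lines):
    """Return one Finding per suspicious item found in the given log lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if "<==== ATTENTION" in line:            # FRST's own marker
            findings.append(Finding("attention", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, rest = m.groups()
            if rest.endswith("[X]"):             # registered service, binary missing
                findings.append(Finding("missing_service_binary", name.strip()))
            continue
        m = RUN_RE.match(line)
        if m:
            name, rest = m.groups()
            if rest.rstrip().endswith("()"):     # no publisher/company string recorded
                findings.append(Finding("run_no_publisher", name))
            continue
        seen = set()
        for host in URL_RE.findall(line):        # SearchScopes, FF Homepage, CHR StartupUrls ...
            host = host.lower()
            if host in WATCH_DOMAINS and host not in seen:
                seen.add(host)
                key = line.split(":", 1)[0]
                findings.append(Finding("watchlisted_url", f"{key} -> {host}"))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'missing_service_binary': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample in FRST's line formats (long query strings shortened).
SAMPLE_LINES = [
    r"HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)",
    r"HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-11] ()",
    r"SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}",
    r"FF Homepage: hxxp://start.mysearchdial.com/?f=1",
    r'CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1", "hxxp://mysearch.avg.com?cid=EXAMPLE&pid=safeguard"',
    r"R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)",
    r'S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]',
    r'S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]',
    r"S4 IntelIde; No ImagePath",
    r"Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f.kind:24} {f.detail}")
    print(summarize(found))
```

Run against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace"))`. The output is a shortlist for a human to read, not a verdict: an orphaned `[X]` service is a cleanup item, an empty publisher field is only a reason to look closer, and the watch list has to be maintained by whoever runs the script.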

Sadly, whilst it did boot outside of Safe Mode, the reason I force-closed it before this error began is the same: the computer wouldn't go into standby mode, or shut down without me holding the button down. I booted it back into safe mode though, as it also made everything respond a lot faster.


FRST.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-06-2014
Ran by Sophi (administrator) on MICHAEL-BOWDEN on 11-06-2014 01:22:24
Running from C:\Documents and Settings\Sophi\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18702336 2009-08-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] => C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-11] ()
HKU\.DEFAULT\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\.DEFAULT\...\RunOnce: [Del166621031] - cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del"
HKU\S-1-5-19\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] - rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\coIEPlg.dll (Symantec Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1391253599906
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default
FF DefaultSearchEngine: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\user.js
FF SearchPlugin: C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: MySearchDial - C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2014-05-25]
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\
FF Extension: Norton Identity Safe Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=", "hxxp://mysearch.avg.com?cid={DDEB1B72-697B-4612-99CE-5BF46AC58BFE}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-04 15:50:11&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Wallet) - C:\Documents and Settings\Sophi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\Sophi\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-06-10]
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\Exts\Chrome.crx [2014-05-23]

========================== Services (Whitelisted) =================

S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-02-01] (Oracle Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.1.0.18\NAV.exe [262288 2013-10-08] (Symantec Corporation)
S2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [129424 2013-10-06] (Symantec Corporation)
S2 vToolbarUpdater18.1.7; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-11] (AVG Secure Search)
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 AR5416; C:\WINDOWS\System32\DRIVERS\athw.sys [1566080 2009-05-18] (Atheros Communications, Inc.)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-06-11] (AVG Technologies)
S1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20131002.001\BHDrvx86.sys [1097304 2013-09-26] (Symantec Corporation)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534312 2014-01-31] (Broadcom Corporation.)
S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2014-01-31] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [56992 2014-01-31] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1501000.012\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S1 ccSet_NST; C:\WINDOWS\system32\drivers\NST\7DE06000.01B\ccSetx86.sys [127064 2013-09-27] (Symantec Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-10-04] (Symantec Corporation)
S3 EraserUtilDrv11311; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [108120 2013-10-04] (Symantec Corporation)
S3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20130930.001\IDSxpx86.sys [380824 2013-09-24] (Symantec Corporation)
S3 L1c; C:\WINDOWS\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\NAVENG.SYS [93272 2013-10-04] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20131004.035\NAVEX15.SYS [1612376 2013-10-04] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S1 SRTSP; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSP.SYS [651352 2013-09-27] (Symantec Corporation)
S1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1501000.012\SRTSPX.SYS [32344 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1501000.012\SYMEFA.SYS [935512 2013-09-27] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-05-23] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1501000.012\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NAV\1501000.012\SYMTDI.SYS [421592 2013-09-26] (Symantec Corporation)
R1 tStLib; C:\WINDOWS\System32\drivers\tStLib.sys [55224 2014-03-19] (StdLib)
R1 tStLibG; C:\WINDOWS\System32\drivers\tStLibG.sys [55224 2014-03-18] (StdLib)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-11 01:22 - 2014-06-11 01:22 - 00000000 ____D () C:\FRST
2014-06-11 00:30 - 2014-06-11 00:30 - 00000000 ____D () C:\Documents and Settings\Sophi\Local Settings\Application Data\AVG Secure Search
2014-06-11 00:20 - 2014-06-11 00:20 - 00012328 _____ () C:\Documents and Settings\Sophi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-11 00:18 - 2014-06-11 00:18 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-11 00:18 - 2014-06-11 00:18 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-11 00:18 - 2014-06-11 00:18 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-11 00:16 - 2014-06-11 00:16 - 00004626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-10 23:44 - 2014-06-10 23:44 - 00001153 _____ () C:\WINDOWS\setupapi.log
2014-06-10 23:44 - 2014-06-10 23:44 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\Sophi\Local Settings\Application Data\VS Revo Group
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-06-10 23:44 - 2009-12-30 10:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-06-05 01:13 - 2014-06-11 01:13 - 00000396 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1391278190.job
2014-05-26 22:53 - 2014-05-26 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NCOTEMP
2014-05-26 22:52 - 2014-06-11 00:47 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NST
2014-05-26 22:52 - 2014-06-11 00:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-26 22:52 - 2014-05-26 22:52 - 00000000 ____D () C:\Program Files\Symantec
2014-05-26 22:52 - 2014-05-26 22:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
2014-05-25 15:49 - 2014-05-25 15:49 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-25 04:19 - 2014-06-11 01:12 - 00080911 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 19:53 - 2014-05-26 22:52 - 00000000 ____D () C:\Program Files\Norton Identity Safe
2014-05-23 19:52 - 2014-05-23 19:52 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-05-23 19:52 - 2014-05-23 19:52 - 00008194 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-05-23 19:52 - 2014-05-23 19:52 - 00001885 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
2014-05-23 19:48 - 2014-06-11 01:16 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
2014-05-23 19:48 - 2014-05-26 22:49 - 00000000 ____D () C:\Program Files\Norton AntiVirus
2014-05-23 19:48 - 2014-05-26 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-05-15 02:29 - 2014-05-15 02:31 - 45137456 _____ () C:\Documents and Settings\Sophi\My Documents\Star Wars - The Force Unleashed.zip
2014-05-15 02:28 - 2014-05-15 02:30 - 54833457 _____ () C:\Documents and Settings\Sophi\My Documents\LEGO Star Wars - The Complete Saga.zip
2014-05-15 00:30 - 2014-05-15 00:31 - 00817443 _____ () C:\Documents and Settings\Sophi\My Documents\PokeGen_full (1).zip

==================== One Month Modified Files and Folders =======

2014-06-11 01:23 - 2014-02-01 19:02 - 00000000 ____D () C:\Documents and Settings\Sophi\Local Settings\Temp
2014-06-11 01:22 - 2014-06-11 01:22 - 00000000 ____D () C:\FRST
2014-06-11 01:16 - 2014-05-23 19:48 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
2014-06-11 01:14 - 2014-02-01 19:42 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-06-11 01:13 - 2014-06-05 01:13 - 00000396 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1391278190.job
2014-06-11 01:12 - 2014-05-25 04:19 - 00080911 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-11 01:02 - 2014-02-01 19:23 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-11 00:47 - 2014-05-26 22:52 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NST
2014-06-11 00:34 - 2014-05-26 22:52 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-11 00:34 - 2014-02-15 20:34 - 00000420 _____ () C:\WINDOWS\Tasks\At3.job
2014-06-11 00:34 - 2014-01-31 12:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-11 00:33 - 2014-05-04 15:39 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-11 00:31 - 2014-02-01 19:23 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-11 00:30 - 2014-06-11 00:30 - 00000000 ____D () C:\Documents and Settings\Sophi\Local Settings\Application Data\AVG Secure Search
2014-06-11 00:27 - 2014-05-04 15:48 - 00042784 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2014-06-11 00:20 - 2014-06-11 00:20 - 00012328 _____ () C:\Documents and Settings\Sophi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-11 00:18 - 2014-06-11 00:18 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-11 00:18 - 2014-06-11 00:18 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-11 00:18 - 2014-06-11 00:18 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-06-11 00:16 - 2014-06-11 00:16 - 00004626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-11 00:16 - 2014-04-11 23:14 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-06-11 00:16 - 2014-03-24 04:10 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-11 00:16 - 2014-01-30 19:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-11 00:12 - 2014-02-01 19:02 - 00000178 ___SH () C:\Documents and Settings\Sophi\ntuser.ini
2014-06-11 00:08 - 2014-04-28 03:28 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-06-11 00:00 - 2014-03-30 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-06-10 23:44 - 2014-06-10 23:44 - 00001153 _____ () C:\WINDOWS\setupapi.log
2014-06-10 23:44 - 2014-06-10 23:44 - 00000925 _____ () C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\Sophi\Local Settings\Application Data\VS Revo Group
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-06-10 23:44 - 2014-06-10 23:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-06-10 23:39 - 2008-04-14 13:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-09 01:17 - 2014-02-01 21:56 - 00000000 ____D () C:\Documents and Settings\Sophi\Application Data\Skype
2014-06-09 01:15 - 2014-03-05 20:02 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-09 01:15 - 2014-02-01 21:55 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
2014-06-09 01:12 - 2014-01-30 19:28 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-07 04:04 - 2014-02-14 01:17 - 00167936 ___SH () C:\Documents and Settings\Sophi\My Documents\Thumbs.db
2014-06-05 01:13 - 2014-02-01 19:09 - 00000000 ____D () C:\Program Files\Opera
2014-05-26 22:53 - 2014-05-26 22:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\NCOTEMP
2014-05-26 22:52 - 2014-05-26 22:52 - 00000000 ____D () C:\Program Files\Symantec
2014-05-26 22:52 - 2014-05-26 22:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Identity Safe
2014-05-26 22:52 - 2014-05-23 19:53 - 00000000 ____D () C:\Program Files\Norton Identity Safe
2014-05-26 22:49 - 2014-05-26 22:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
2014-05-26 22:49 - 2014-05-23 19:48 - 00000000 ____D () C:\Program Files\Norton AntiVirus
2014-05-26 22:39 - 2014-05-23 19:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-05-26 22:39 - 2014-02-01 19:02 - 00000000 ____D () C:\Documents and Settings\Sophi
2014-05-25 15:49 - 2014-05-25 15:49 - 00093480 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-24 15:06 - 2014-02-01 19:39 - 00000000 ____D () C:\Documents and Settings\Sophi\My Documents\Transfer
2014-05-23 19:52 - 2014-05-23 19:52 - 00142936 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-05-23 19:52 - 2014-05-23 19:52 - 00008194 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-05-23 19:52 - 2014-05-23 19:52 - 00001885 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
2014-05-23 19:32 - 2014-04-09 01:57 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-05-23 19:32 - 2014-04-09 01:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-23 19:15 - 2014-01-30 18:24 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-15 02:31 - 2014-05-15 02:29 - 45137456 _____ () C:\Documents and Settings\Sophi\My Documents\Star Wars - The Force Unleashed.zip
2014-05-15 02:30 - 2014-05-15 02:28 - 54833457 _____ () C:\Documents and Settings\Sophi\My Documents\LEGO Star Wars - The Complete Saga.zip
2014-05-15 00:31 - 2014-05-15 00:30 - 00817443 _____ () C:\Documents and Settings\Sophi\My Documents\PokeGen_full (1).zip
2014-05-12 23:41 - 2014-01-31 11:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2904266$

Files to move or delete:
====================
C:\Windows\Tasks\At3.job


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\mpam-60684bff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-45c0fc0d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-76035761.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ecd30a50.exe
C:\Documents and Settings\Sophi\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Addition.txt


Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-06-2014
Ran by Sophi at 2014-06-11 01:24:58
Running from C:\Documents and Settings\Sophi\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

Acer System Information (HKLM\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.7.0.312 - Atheros)
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{F194B9D2-5BB0-4A36-912A-861DE0652181}) (Version: 1.23.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 26.0 (x86 en-GB)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
Norton AntiVirus (HKLM\...\NAV) (Version: 21.1.0.18 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.6.0.27 - Symantec Corporation)
Opera Stable 22.0.1471.50 (HKLM\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5928 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Skype™ 6.13 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.7400 - )
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden

==================== Restore Points =========================

12-02-2014 20:25:17 Software Distribution Service 3.0
13-02-2014 03:21:47 Software Distribution Service 3.0
13-02-2014 21:32:42 Software Distribution Service 3.0
14-02-2014 03:02:27 Software Distribution Service 3.0
15-02-2014 18:50:10 Software Distribution Service 3.0
15-02-2014 18:59:04 Software Distribution Service 3.0
16-02-2014 20:55:14 Software Distribution Service 3.0
17-02-2014 03:01:01 Software Distribution Service 3.0
18-02-2014 03:02:16 Software Distribution Service 3.0
18-02-2014 13:03:23 Software Distribution Service 3.0
19-02-2014 18:16:25 Software Distribution Service 3.0
21-02-2014 00:27:55 Software Distribution Service 3.0
22-02-2014 00:37:40 Software Distribution Service 3.0
23-02-2014 02:46:16 Software Distribution Service 3.0
25-02-2014 00:05:47 Software Distribution Service 3.0
26-02-2014 02:56:58 Software Distribution Service 3.0
27-02-2014 03:33:16 Software Distribution Service 3.0
28-02-2014 20:44:20 Software Distribution Service 3.0
01-03-2014 21:47:05 Software Distribution Service 3.0
03-03-2014 04:28:37 Software Distribution Service 3.0
03-03-2014 04:56:17 Software Distribution Service 3.0
13-03-2014 19:14:32 System Checkpoint
18-03-2014 00:29:01 Software Distribution Service 3.0
18-03-2014 01:11:12 Software Distribution Service 3.0
18-03-2014 03:00:50 Software Distribution Service 3.0
19-03-2014 02:26:12 Software Distribution Service 3.0
20-03-2014 02:54:46 Software Distribution Service 3.0
22-03-2014 02:55:21 Software Distribution Service 3.0
23-03-2014 02:48:34 Software Distribution Service 3.0
24-03-2014 03:00:46 Software Distribution Service 3.0
24-03-2014 03:20:18 Installed RuneScape Launcher 1.2.3
25-03-2014 02:35:11 Software Distribution Service 3.0
27-03-2014 00:45:35 Software Distribution Service 3.0
27-03-2014 01:06:39 Software Distribution Service 3.0
28-03-2014 02:15:13 Software Distribution Service 3.0
28-03-2014 03:01:40 Software Distribution Service 3.0
29-03-2014 03:01:23 Software Distribution Service 3.0
29-03-2014 03:30:45 Software Distribution Service 3.0
30-03-2014 02:16:58 Software Distribution Service 3.0
30-03-2014 17:48:28 Installed AVG 2014
30-03-2014 17:50:20 Installed AVG 2014
31-03-2014 21:33:34 Software Distribution Service 3.0
01-04-2014 22:54:27 Software Distribution Service 3.0
03-04-2014 01:55:16 Software Distribution Service 3.0
04-04-2014 21:37:16 Software Distribution Service 3.0
04-04-2014 22:29:40 Software Distribution Service 3.0
05-04-2014 02:01:32 Software Distribution Service 3.0
05-04-2014 12:09:32 Software Distribution Service 3.0
07-04-2014 02:01:29 Software Distribution Service 3.0
07-04-2014 02:25:12 Software Distribution Service 3.0
07-04-2014 02:56:46 Software Distribution Service 3.0
08-04-2014 21:29:52 Software Distribution Service 3.0
08-04-2014 22:35:44 Software Distribution Service 3.0
11-04-2014 21:43:59 Software Distribution Service 3.0
14-04-2014 23:54:36 Software Distribution Service 3.0
16-04-2014 00:41:08 Software Distribution Service 3.0
17-04-2014 01:45:43 Software Distribution Service 3.0
19-04-2014 20:35:57 Software Distribution Service 3.0
20-04-2014 00:39:26 Software Distribution Service 3.0
21-04-2014 01:25:16 Software Distribution Service 3.0
23-04-2014 00:53:46 Software Distribution Service 3.0
25-04-2014 01:28:48 Software Distribution Service 3.0
27-04-2014 03:00:53 Software Distribution Service 3.0
28-04-2014 02:02:17 Removed AVG 2014
28-04-2014 02:06:23 Removed AVG 2014
28-04-2014 02:13:44 Installed AVG 2014
28-04-2014 02:22:36 Installed AVG 2014
29-04-2014 14:37:36 Software Distribution Service 3.0
01-05-2014 00:30:18 Software Distribution Service 3.0
02-05-2014 02:46:50 Software Distribution Service 3.0
03-05-2014 02:04:41 Software Distribution Service 3.0
03-05-2014 14:54:39 Software Distribution Service 3.0
04-05-2014 02:47:06 Software Distribution Service 3.0
04-05-2014 14:43:01 Software Distribution Service 3.0
05-05-2014 15:20:18 Software Distribution Service 3.0
06-05-2014 22:03:51 Software Distribution Service 3.0
08-05-2014 00:35:14 Software Distribution Service 3.0
09-05-2014 02:20:36 Software Distribution Service 3.0
10-05-2014 14:07:23 Software Distribution Service 3.0
12-05-2014 23:17:02 System Checkpoint
13-05-2014 02:38:39 Software Distribution Service 3.0
14-05-2014 12:18:25 Software Distribution Service 3.0
16-05-2014 00:42:32 Software Distribution Service 3.0
18-05-2014 02:16:44 Software Distribution Service 3.0
20-05-2014 02:06:37 Software Distribution Service 3.0
21-05-2014 01:07:52 Software Distribution Service 3.0
26-05-2014 22:15:26 Restore Operation

==================== Hosts content: ==========================

2008-04-14 13:00 - 2008-04-14 13:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1391278190.job => C:\Program Files\Opera\launcher.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Atheros AR8132 PCI-E Fast Ethernet Controller
Description: Atheros AR8132 PCI-E Fast Ethernet Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Atheros
Service: L1c
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2014 00:03:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgdiagex.exe, version 14.0.0.4576, faulting module avgduix.dll, version 14.0.0.4563, fault address 0x000613f0.
Processing media-specific event for [avgdiagex.exe!ws!]

Error: (06/11/2014 00:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 14.0.0.4592, faulting module avgmfapx.exe, version 14.0.0.4592, fault address 0x003d83de.
Processing media-specific event for [avgmfapx.exe!ws!]

Error: (06/10/2014 11:55:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgdiagex.exe, version 14.0.0.4576, faulting module avgduix.dll, version 14.0.0.4563, fault address 0x000613f0.
Processing media-specific event for [avgdiagex.exe!ws!]

Error: (06/10/2014 11:55:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 14.0.0.4592, faulting module avgmfapx.exe, version 14.0.0.4592, fault address 0x003d83de.
Processing media-specific event for [avgmfapx.exe!ws!]

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61484

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61484

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41015

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41015

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/11/2014 01:18:55 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/11/2014 01:17:41 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgdiskx
AVGIDSDriver
AVGIDSShim
Avgldx86
BHDrvx86
ccSet_NAV
ccSet_NST
eeCtrl
Fips
intelppm
MpFilter
SRTSP
SRTSPX
SymIRON
SYMTDI

Error: (06/11/2014 01:17:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:
%%31

Error: (06/11/2014 01:17:03 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/11/2014 00:34:01 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At3.job command failed to start due to the following error:
%%2147942403

Error: (06/11/2014 00:29:22 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/11/2014 00:27:25 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (06/11/2014 00:23:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx86

Error: (06/11/2014 00:23:07 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Automatic Updates service hung on starting.

Error: (06/11/2014 00:21:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG WatchDog service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (06/11/2014 00:03:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgdiagex.exe14.0.0.4576avgduix.dll14.0.0.4563000613f0

Error: (06/11/2014 00:03:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe14.0.0.4592avgmfapx.exe14.0.0.4592003d83de

Error: (06/10/2014 11:55:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgdiagex.exe14.0.0.4576avgduix.dll14.0.0.4563000613f0

Error: (06/10/2014 11:55:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe14.0.0.4592avgmfapx.exe14.0.0.4592003d83de

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 61484

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 61484

Error: (05/24/2014 03:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 41015

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 41015

Error: (05/24/2014 03:35:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 1013.87 MB
Available physical RAM: 779.88 MB
Total Pagefile: 2441.93 MB
Available Pagefile: 2304.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.04 GB) (Free:128.28 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 9A0D38EA)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OK

Not only did I see many services related to AVG still on your computer, I found Microsoft Security Essentials as well.

Since you have installed Norton antivirus(?), we need to remove those. We can't keep all these antivirus programs on the computer or we'll run into a ton of trouble.


http://www.avg.com/us-en/utilities

Scroll down this page to find the version you used.


http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

Microsoft Security Essentials Removal Tool Download


~~~~~~~~~~~~~


Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right click on it and select Copy.

Paste this into the open Notepad and save it to the Desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite an existing one, please allow).


start
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-11] ()
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
FF DefaultSearchEngine: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
FF user.js: detected! => C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\user.js
FF SearchPlugin: C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\searchplugins\Mysearchdial.xml
FF Extension: MySearchDial - C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-08]
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
", "hxxp://mysearch.avg.com?cid={DDEB1B72-697B-4612-99CE-5BF46AC58BFE}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-04
15:50:11&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
C:\Windows\Tasks\At3.job
C:\Documents and Settings\Administrator\Local Settings\Temp\mpam-60684bff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-45c0fc0d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-76035761.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ecd30a50.exe
C:\Documents and Settings\Sophi\Local Settings\Temp\SkypeSetup.exe
Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
end

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-AdwCleaner-by Xplode


Click on this link to download: AdwCleaner

Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.


Do not click on any links in the top advertisement.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~

Please post:

fixlist.txt

C:\AdwCleaner[s1].txt

JRT.txt


Ok, ran all of those except for the removal for Microsoft Security Essentials. I'm not able to run that removal whilst in safe mode, it seems.


Another small change I've sadly had to make since last time is uninstalling Norton, because it was on a 30-day trial whilst I was trying to sort all this out; however, it's expired at least a week too early. So that's really annoying.


Fixlist


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-06-2014
Ran by Sophi at 2014-06-17 01:46:58 Run:1
Running from C:\Documents and Settings\Sophi\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-11] ()
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=274177107&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=274177107&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=274177107&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearc...r=274177107&ir=
FF DefaultSearchEngine: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
FF user.js: detected! => C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\user.js
FF SearchPlugin: C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\searchplugins\Mysearchdial.xml
FF Extension: MySearchDial - C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-08]
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
", "hxxp://mysearch.avg.com?cid={DDEB1B72-697B-4612-99CE-5BF46AC58BFE}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-05-04
15:50:11&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
C:\Windows\Tasks\At3.job
C:\Documents and Settings\Administrator\Local Settings\Temp\mpam-60684bff.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-45c0fc0d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-76035761.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ecd30a50.exe
C:\Documents and Settings\Sophi\Local Settings\Temp\SkypeSetup.exe
Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}'=> Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\user.js => Moved successfully.
C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi => Moved successfully.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir= ==> The Chrome "Settings" can be used to fix the entry.
CHR StartupUrls: "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir= ==> The Chrome "Settings" can be used to fix the entry.
C:\Windows\Tasks\At3.job => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\mpam-60684bff.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-45c0fc0d.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-76035761.exe => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-ecd30a50.exe => Moved successfully.
C:\Documents and Settings\Sophi\Local Settings\Temp\SkypeSetup.exe => Moved successfully.
C:\WINDOWS\Tasks\At3.job not found.

==== End of Fixlog ====


ADWcleaner


# AdwCleaner v3.212 - Report created 17/06/2014 at 01:53:57
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Sophi - MICHAEL-BOWDEN
# Running from : C:\Documents and Settings\Sophi\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : tStLibG

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Documents and Settings\Sophi\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Sophi\Application Data\UpdaterEX
Folder Deleted : C:\Documents and Settings\Sophi\My Documents\PC Cleaner
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g3tdl61b.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g3tdl61b.default\Extensions\staged\ffxtlbr@mysearchdial.com
File Deleted : C:\WINDOWS\system32\drivers\tStLibG.sys
File Deleted : C:\DOCUME~1\Sophi\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g3tdl61b.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g3tdl61b.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\g3tdl61b.default\prefs.js ]

Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDt[...]
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

[ File : C:\Documents and Settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\prefs.js ]

Line Deleted : user_pref("extensions.irmysearch.aflt", "dnldstr0103");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.irmysearch.cr", "274177107");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr0103");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Line Deleted : user_pref("extensions.mysearchdial.cr", "274177107");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "00242C1265C8FC10");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16109");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:31:25");

-\\ Google Chrome v35.0.1916.153

[ File : C:\Documents and Settings\Sophi\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
Deleted [search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=
Deleted [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dnldstr0103&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtCtByCyD0Czz0F0CtCtDtN0D0Tzu0CyByBtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=274177107&ir=

*************************

AdwCleaner[R0].txt - [7037 octets] - [17/06/2014 01:51:19]
AdwCleaner[s0].txt - [7084 octets] - [17/06/2014 01:53:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7144 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Sophi on 17/06/2014 at 2:09:43.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/06/2014 at 2:19:35.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


At this time you only have Microsoft Security Essentials?

I have to call it a night here. Run this scan tonight if you like; I won't be able to see it till morning.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

 

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

 

How to use ComboFix

 

Download ComboFix from here:

Link 1

Link 2

Link 3

 

Place ComboFix.exe on your Desktop <--Important

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    You can get help on disabling your protection programs here

  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

     

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

     

    ---------------------------------------------------------------------------------------------

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

     

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    ---------------------------------------------------------------------------------------------

  • If there are Internet issues after running ComboFix:

    Internet Explorer:

    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.

    Firefox:

    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:

    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings", then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:

    Launch Safari.

    Go to the general settings menu.

    Then, in Preferences / Advanced,

    on the Proxies line click "Change Settings ...".

    Click Internet Options, then click the Connections tab, then click Network Settings.

    Disable (uncheck) the option for the use of a proxy server.

     

~~~~~~~~~~~~~~~~~~

OK, well, the previous step seems to have done well, because my netbook is booting up properly every time so far, and with a little better speed. Still not the best for how fast it's running, but it's definitely a notable improvement. And yes, currently I've only got Security Essentials on right now, turned back on after I did this ComboFix thing; I didn't want to look at another free antivirus until everything seemed good, so it wouldn't be interfering with anything you told me to do.

ComboFix Log

ComboFix 14-06-16.01 - Sophi 18/06/2014 0:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.320 [GMT 1:00]
Running from: c:\documents and settings\Sophi\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2014-05-17 to 2014-06-17 )))))))))))))))))))))))))))))))
.
.
2014-06-17 23:08 . 2014-06-17 23:08 39464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{231D29B1-DB2D-43D6-9FC1-4347BDDC555F}\MpKsl7338fadb.sys
2014-06-17 01:09 . 2014-06-17 01:09 -------- d-----w- c:\windows\ERUNT
2014-06-17 00:52 . 2010-08-30 07:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-06-17 00:50 . 2014-06-17 00:54 -------- d-----w- C:\AdwCleaner
2014-06-16 23:58 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{231D29B1-DB2D-43D6-9FC1-4347BDDC555F}\mpengine.dll
2014-06-15 00:07 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-11 00:22 . 2014-06-17 00:46 -------- d-----w- C:\FRST
2014-06-10 22:44 . 2014-06-10 22:44 -------- d-----w- c:\documents and settings\Sophi\Local Settings\Application Data\VS Revo Group
2014-06-10 22:44 . 2014-06-10 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-06-10 22:44 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-06-10 22:44 . 2014-06-10 22:44 -------- d-----w- c:\program files\VS Revo Group
2014-05-26 21:53 . 2014-06-17 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NCOTEMP
2014-05-26 21:52 . 2014-06-17 16:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-05-23 18:48 . 2014-05-26 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-10 23:27 . 2014-05-04 14:48 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Del166621031"="del" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Battle.net\\Battle.net.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.beta.2680\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2717\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.beta.2737\\Agent.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [04/05/2014 15:48 42784]
R1 MpKsl7338fadb;MpKsl7338fadb;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{231D29B1-DB2D-43D6-9FC1-4347BDDC555F}\MpKsl7338fadb.sys [18/06/2014 00:08 39464]
R1 tStLib;tStLib;c:\windows\system32\drivers\tStLib.sys [19/03/2014 03:47 55224]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [23/10/2013 09:15 172192]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30/01/2014 20:19 1684736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18/10/2011 02:43 78136]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [02/03/2009 14:03 38912]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/06/2014 23:44 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL7338FADB
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-10 23:43 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-01 21:36]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-01 18:22]
.
2014-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-01 18:22]
.
2014-06-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2014-03-11 09:13]
.
2014-06-17 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-03-25 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2014-06-17 c:\windows\Tasks\Opera scheduled Autoupdate 1391278190.job
- c:\program files\Opera\launcher.exe [2014-02-01 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
FF - ProfilePath - c:\documents and settings\Sophi\Application Data\Mozilla\Firefox\Profiles\fcegjzyq.default\
FF - prefs.js: keyword.URL -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-18 00:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-06-18 00:39:49
ComboFix-quarantined-files.txt 2014-06-17 23:39
.
Pre-Run: 139,146,108,928 bytes free
Post-Run: 140,339,150,848 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B105FD2F045564BAE902B95050A090A6
8F558EB6672622401DA993E1E865C861

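Reading the "Reg Loading Points" section of a ComboFix log like the one above is how a helper spots persistence. The following Python script is an added example (not from the thread, ComboFix, or any other tool mentioned here) that parses a constructed excerpt of that section and flags three things worth a second look: Run values that are not a full path (found via a PATH search), values ComboFix marks [X] because the target file is missing, and any BootExecute element beyond the default autocheck, such as the leftover AVG avgrsx.exe entry. The parsing rules are my assumptions drawn from the log format shown in the thread.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not code from ComboFix or any other tool
mentioned here. The parsing rules are assumptions based on the log format
shown in the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt, trimmed from the kind of lines ComboFix prints above.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-24 18702336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 951576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Del166621031"="del" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
BOOTEXEC_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<data>.*)$')
# A value that starts with a drive letter or an expanded %VAR% is a full path;
# anything else is resolved through a PATH search and deserves a look.
FULL_PATH_RE = re.compile(r'^(?:[a-z]:\\|%[^%]+%\\)', re.IGNORECASE)
DEFAULT_BOOTEXEC = "autocheck autochk *"


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def triage_loading_points(log_text: str) -> List[Finding]:
    """Return the autostart entries an analyst should look at first."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            # ComboFix prints the REG_MULTI_SZ with a literal "\0" between elements.
            for elem in m.group("data").split("\\0"):
                elem = elem.strip()
                if elem and elem != DEFAULT_BOOTEXEC:
                    findings.append(Finding(key, "BootExecute", elem,
                                            "non-default BootExecute element (runs before logon)"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data, meta = m.group("name"), m.group("data"), m.group("meta") or ""
        if meta == "X":
            # ComboFix marks a Run value whose target it could not find with [X].
            findings.append(Finding(key, name, data, "target not found on disk ([X])"))
        elif not FULL_PATH_RE.match(data):
            findings.append(Finding(key, name, data, "unqualified path (found via PATH search)"))
    return findings


if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOG):
        print(f"{f.reason}: {f.name} = {f.data}  ({f.key})")
```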

Please look for and delete this folder:

C:\Program Files\AVG\AVG2014

Please run TFC by OldTimer to clear temporary files:

Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.

 

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then restart the computer.

~~~~~~~~~~~~~~~~

What we can do now is run an online scan with ESET; it is one of our most trusted scanners.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.

This scan can take quite a bit of time to finish, depending on how full your computer is, so please be patient.

Go here to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish