
Solved AVG Antivirus - Software Restriction Policy

Discussion in 'Malware and Virus Removal Archive' started by Dazzaboy, 2014/11/18.

  1. 2014/11/18
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    [Solved] AVG Antivirus - Software Restriction Policy

    Hello, my AVG was working, and now it flashes up:

    "Windows cannot open this program because it has been prevented by a software restriction policy. Open Event Viewer..." etc.

    When you go into "Event Viewer"

    Access to C:\Program Files\AVG\AVG2015\avgui.exe has been restricted by your Administrator by location with policy rule {e7b57c3e-fcb7-4f32-809b-864fa0f1d92e} placed on path C:\Program Files\AVG\

    I've tried my best and I can't seem to get my head around this.

    I've tried downloading and reinstalling the program and the same thing happens, so now I'm surfing the world wide web without any protection!!! lol. Has anyone else had this trouble on this site? Also, any programs you recommend? I hate to sound cheap, but are they free? lol

    Cheers Darren
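The Event Viewer message quoted in the post names the two things a responder needs: the rule GUID and the path it was placed on (C:\Program Files\AVG\). Software Restriction Policy path rules are stored in the registry, so they can be listed directly, which is also the only route on XP Home, where the Local Security Policy console is not available. The script below is an added example and is not code from this thread, from AVG or from Malwarebytes. It assumes the standard SRP layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID} with an ItemData value holding the path; the AVG directory in $WatchPaths comes from the post, and the Malwarebytes directory is an added assumption.

```powershell
# Added example (not from the thread): enumerate Software Restriction Policy
# path rules and flag Disallowed rules that cover security-tool directories.
# Assumes the standard SRP registry layout under ...\Safer\CodeIdentifiers.

$levelNames = @{ 0 = 'Disallowed'; 4096 = 'BasicUser'; 262144 = 'Unrestricted' }
$policyRoots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

function Get-SrpDefaultLevel {
    # DefaultLevel applies to every program not matched by a specific rule;
    # a machine-wide Disallowed default is as much a red flag as a bad rule.
    foreach ($root in $policyRoots) {
        if (-not (Test-Path $root)) { continue }
        $props = Get-ItemProperty $root -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties['DefaultLevel']) {
            $level = [int]$props.DefaultLevel
            $name = $(if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { $level })
            New-Object PSObject -Property @{ Hive = $root.Split(':')[0]; DefaultLevel = $name }
        }
    }
}

function Get-SrpPathRules {
    # One object per path rule found under either policy root. The subkey name
    # under CodeIdentifiers is the security level the rule assigns (0 = Disallowed).
    foreach ($root in $policyRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $level = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            $pathsKey = $levelKey.PSPath + '\Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem $pathsKey -ErrorAction SilentlyContinue) {
                $props = Get-ItemProperty $rule.PSPath
                New-Object PSObject -Property @{
                    Hive        = $root.Split(':')[0]
                    Level       = $(if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { $level })
                    RuleGuid    = $rule.PSChildName   # the GUID quoted in the Event Viewer message
                    Path        = $props.ItemData     # the "placed on path" value
                    Description = $props.Description
                }
            }
        }
    }
}

function Find-DisallowedSecurityToolRules {
    # Flags Disallowed path rules that cover, or sit inside, a directory from
    # which security tools run. A rule placed on C:\Program Files\AVG\ like the
    # one in the post would be returned here. $WatchPaths is an assumption.
    param([string[]]$WatchPaths = @('C:\Program Files\AVG\', 'C:\Program Files\Malwarebytes Anti-Malware\'))
    $cmp = [StringComparison]::OrdinalIgnoreCase
    Get-SrpPathRules | Where-Object {
        $rule = $_
        if ($rule.Level -ne 'Disallowed' -or -not $rule.Path) { return $false }
        # ItemData may be REG_EXPAND_SZ (e.g. %ProgramFiles%\...), so expand it first.
        $rulePath = [Environment]::ExpandEnvironmentVariables($rule.Path).TrimEnd('\') + '\'
        foreach ($watch in $WatchPaths) {
            if ($watch.StartsWith($rulePath, $cmp) -or $rulePath.StartsWith($watch, $cmp)) { return $true }
        }
        return $false
    }
}

# Usage: run from an elevated PowerShell prompt on the affected machine.
Get-SrpDefaultLevel | Format-Table Hive, DefaultLevel -AutoSize
Get-SrpPathRules | Sort-Object Hive, Level | Format-Table Hive, Level, RuleGuid, Path -AutoSize
Find-DisallowedSecurityToolRules | Format-List Hive, RuleGuid, Path, Description
```

A Disallowed rule on an antivirus directory that no administrator set is a symptom, not the root cause, so it belongs alongside the cleanup the moderator prescribes rather than in place of it. Once recorded, such a rule is removed by deleting its {GUID} key under ...\0\Paths and rebooting; the Application log's "Software Restriction Policies" events (ID 866 for a path rule) then show whether anything is still being blocked.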
     
  2. 2014/11/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Let's see if your computer is clean.
    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2014/11/19
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Hello there, thank you very much for the reply. I downloaded and installed Malwarebytes Anti-Malware, ran it and it found 41 threats. Log as follows:

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 19/11/2014
    Scan Time: 14:26:59
    Logfile: Recent Scan.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.19.04
    Rootkit Database: v2014.11.18.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: DAZ

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 334447
    Time Elapsed: 41 min, 15 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 21
    PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [1c846ecf7309290df2e020d3eb176898],
    PUP.Optional.Babylon.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [9e02f24b1d5f70c6590d3a80dc266f91],
    PUP.Optional.Delta.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [3868300d2e4e5cda785abd3552b003fd],
    PUP.Optional.Delta.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{82E1477C-B154-48D3-9891-33D83C26BCD3}, Quarantined, [3868300d2e4e5cda785abd3552b003fd],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [8b1545f8cdaf58dee758a84b89795ba5],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [8b1545f8cdaf58dee758a84b89795ba5],
    PUP.Optional.Delta.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [f2ae0c319edeb185ab262fc3a06258a8],
    PUP.Optional.Delta.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, Quarantined, [f2ae0c319edeb185ab262fc3a06258a8],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [ebb5f4496b1152e4ebc2a74cb64c35cb],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [ebb5f4496b1152e4ebc2a74cb64c35cb],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [dcc4a9945d1fa78f9088955f738fa060],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [5d43f34ae69646f088919d57b151f10f],
    PUP.Optional.Spigot, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, Quarantined, [9b05a19cbac28fa7e7124c68f110b14f],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [b1ef1924b4c8da5cddaa4332d62d7090],
    PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [d8c8db62c2ba93a3a70e9d022bd93bc5],
    PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, Quarantined, [dbc592ab601cbd7918414ffe7093f40c],
    PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [f2ae98a5126ab284d19b137ba55fa35d],
    PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [cbd52f0ea7d53bfb25540070b94afb05],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [6c34ef4e2656d5614650363e47bcda26],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [c7d9e25bc6b668cedcef3951d52f11ef],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [dac636078af24fe728b397cc1ee50cf4],

    Registry Values: 5
    Trojan.Kovter, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}, "C:\Documents and Settings\All Users\Application Data\Microsoft\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}.exe ", Quarantined, [99075ae36c10a0969403e9fdac558878]
    Trojan.Kovter, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}, "C:\Documents and Settings\All Users\Application Data\Microsoft\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}.exe ", Quarantined, [99075ae36c10a0969403e9fdac558878]
    PUP.Optional.Iminent.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [ebb5f4496b1152e4ebc2a74cb64c35cb],
    PUP.Optional.Iminent.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [f8a86bd2d9a37eb82d8028cb0002db25],
    PUP.Optional.InstallCore.A, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Quarantined, [c7d9e25bc6b668cedcef3951d52f11ef]

    Registry Data: 2
    Windows.Tool.Disabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[7a2641fc4339a49242b8ed5d798c2ad6]
    PUM.Hijack.HomePageControl, HKU\S-1-5-21-448539723-746137067-839522115-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|Homepage, 1, Good: (0), Bad: (1),Replaced,[5050d469f28a0e28a0ed3710f31237c9]

    Folders: 5
    PUP.Optional.Iminent.A, C:\Documents and Settings\DAZ\Local Settings\Temp\Iminent, Quarantined, [336da499b1cb1e18564ade29ea199769],
    PUP.Optional.Delta.A, C:\Documents and Settings\DAZ\Local Settings\Temp\mt_ffx\Delta, Quarantined, [0d9394a9e49844f23c680601729140c0],
    PUP.Optional.Delta.A, C:\Documents and Settings\DAZ\Local Settings\Temp\mt_ffx\Delta\delta, Quarantined, [0d9394a9e49844f23c680601729140c0],
    PUP.Optional.Delta.A, C:\Documents and Settings\DAZ\Local Settings\Temp\mt_ffx\Delta\delta\1.8.16.16, Quarantined, [0d9394a9e49844f23c680601729140c0],
    PUP.Optional.Conduit.A, C:\Documents and Settings\DAZ\Local Settings\Temp\CT3319612, Quarantined, [514f63daf48843f3e7139d6a1de6dc24],

    Files: 13
    Trojan.Kovter, C:\Documents and Settings\All Users\Application Data\Microsoft\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}\{9b2033aa-6333-9e68-b89f-0abfe4a3cb09}.exe, Quarantined, [99075ae36c10a0969403e9fdac558878],
    PUP.Optional.Spigot, C:\Documents and Settings\DAZ\Application Data\Search Protection\SearchProtection.exe, Quarantined, [762a06373d3f82b49e5d2391c43da35d],
    PUP.Optional.Spigot, C:\Documents and Settings\DAZ\Application Data\Search Protection\Uninstall.exe, Quarantined, [9b05a19cbac28fa7e7124c68f110b14f],
    PUP.Optional.OutBrowse, C:\RECYCLER\S-1-5-21-448539723-746137067-839522115-1004\Dc1.exe, Quarantined, [8b15ed502359d660f7804a6dd32f9b65],
    PUP.Optional.Spigot, C:\Documents and Settings\DAZ\Local Settings\Temp\SearchProtectionSetup.exe, Quarantined, [326e55e8c9b3da5c4faa2c883dc49f61],
    PUP.Optional.GenericExt.A, C:\Documents and Settings\DAZ\Local Settings\Temp\igdhbblpcellaljokkpfhcjlagemhgjl1a515487\MinibarChrome.exe, Quarantined, [544c9da0b8c4fc3adc8fcb72ed134cb4],
    PUP.Optional.Delta.A, C:\Documents and Settings\DAZ\Local Settings\Temp\is1275519350\DeltaTB.exe, Quarantined, [524eba83106c6ec84318a27f10f1bf41],
    PUP.Optional.Babylon.A, C:\Documents and Settings\DAZ\Local Settings\Temp\E38204A8-BAB0-7891-B708-3FE2C2E5AEE2\CrxInstaller.dll, Quarantined, [287871ccc7b53df96c9fdc57837ef60a],
    PUP.Optional.Delta.A, C:\Documents and Settings\DAZ\Local Settings\Temp\E38204A8-BAB0-7891-B708-3FE2C2E5AEE2\MyBabylonTB.exe, Quarantined, [356b5fde3844b87eba9084065aa7e11f],
    PUP.Optional.Iminent.A, C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, Quarantined, [8c141b22afcdd95d13bb2123df2407f9],
    PUP.Optional.Iminent.A, C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, Quarantined, [8c14211ce399b086d17b490409faf907],
    PUP.Optional.Iminent.A, C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [2d73d96469138ea8a6cd293512f16799],
    PUP.Optional.Conduit.A, C:\Documents and Settings\DAZ\Local Settings\Temp\CT3319612\ddt.csf, Quarantined, [514f63daf48843f3e7139d6a1de6dc24],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Followed Step 2, results as attached:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume3
    Install Date: 05/05/2013 18:22:27
    System Uptime: 19/11/2014 15:12:06 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | M5A97 LE R2.0
    Processor: AMD FX(tm)-8320 Eight-Core Processor | Socket 942 | 3511/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 747 GiB total, 357.267 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 466 GiB total, 75.624 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 52.781 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 15 ActiveX
    Adobe Reader X (10.1.11) MUI
    AI Suite II
    AMD Catalyst Install Manager
    AMD Processor Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Asmedia ASM104x USB 3.0 Host Controller Driver
    ASUS Boot Setting
    ASUS GPU Tweak
    ASUS Product Register Program
    ASUS Update
    AVG 2014
    AVG 2015
    AVG SafeGuard toolbar
    AVS Video Converter 8.5
    CPUID ASUS CPU-Z 1.61
    Disk Unlocker
    FSAutoStart
    Google Chrome
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976002-v5)
    iolo technologies' System Mechanic
    iTunes
    K-Lite Mega Codec Pack 10.4.0
    Malwarebytes Anti-Malware version 2.0.3.1025
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Nero Burning Core
    Nero Burning ROM
    Nero Burning ROM 2014
    Nero Burning ROM Help (CHM)
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero SharedVideoCodecs
    Nero Update
    NVIDIA Control Panel 314.22
    NVIDIA Graphics Driver 314.22
    NVIDIA HD Audio Driver 1.3.23.1
    NVIDIA Install Application
    NVIDIA nView 136.53
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Update 1.12.12
    NVIDIA Update Components
    Prerequisite installer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    SeaTools for Windows
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2898785)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2925418)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB2834904-v2)
    Security Update for Windows Media Player (KB2834904)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820197)
    Security Update for Windows XP (KB2820917)
    Security Update for Windows XP (KB2829361)
    Security Update for Windows XP (KB2834886)
    Security Update for Windows XP (KB2839229)
    Security Update for Windows XP (KB2845187)
    Security Update for Windows XP (KB2847311)
    Security Update for Windows XP (KB2849470)
    Security Update for Windows XP (KB2850851)
    Security Update for Windows XP (KB2850869)
    Security Update for Windows XP (KB2859537)
    Security Update for Windows XP (KB2862152)
    Security Update for Windows XP (KB2862330)
    Security Update for Windows XP (KB2862335)
    Security Update for Windows XP (KB2864063)
    Security Update for Windows XP (KB2868038)
    Security Update for Windows XP (KB2868626)
    Security Update for Windows XP (KB2876217)
    Security Update for Windows XP (KB2876315)
    Security Update for Windows XP (KB2876331)
    Security Update for Windows XP (KB2883150)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2893984)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2900986)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    SpywareBlaster 5.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB2632503)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB2808679)
    Update for Windows XP (KB2863058)
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB973815)
    Viewpoint Media Player
    Visual Studio 2012 x86 Redistributables
    VLC media player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19/11/2014 15:18:06, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    18/11/2014 17:40:16, error: Service Control Manager [7024] - The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).
    18/11/2014 16:52:07, error: Service Control Manager [7000] - The ASUS Com Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/11/2014 16:52:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ASUS Com Service service to connect.
    17/11/2014 10:29:57, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
    17/11/2014 10:27:18, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================


    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Results of DDS as follows...

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by DAZ at 15:30:40 on 2014-11-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2989.2047 [GMT 0:00]
    .
    AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe
    C:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    C:\Program Files\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
    C:\Program Files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    C:\Program Files\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    C:\Program Files\ASUS\AXSP\1.00.19\atkexComSvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    uRun: [GPU Tweak Main] c:\program files\asus\gpu tweak\GPUTweak.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ASUS AI Suite II Execute] c:\program files\asus\ai suite ii\AsRoutineController.exe -open
    mRun: [ASUS EZUpdate] "c:\program files\asus\ai suite ii\easyupdate\EzUpdt.exe" -onlytray
    mRun: [ASUS AiChargerPlus Execute] c:\program files\installshield installation information\{e6931688-da2b-4e16-8539-3d323d69c677}\AiChargerPlus.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [AVG_UI] "c:\program files\avg\avg2015\avgui.exe" /TRAYONLY
    mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe "
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1367778325546
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367779198828
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
    DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} - hxxp://assets.photobox.com/assets/v/9wMLrL7vFWyhXJey6PFIGDYHwIs.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{02055F7C-E008-436A-BD2C-1D5B0C59FEB6} : DHCPNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\18.1.9\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ASATAFLT;ASATAFLT;c:\windows\system32\drivers\ASATAFLT.sys [2013-5-5 20768]
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 147736]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 230680]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 98584]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 27416]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2013-5-5 11832]
    R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 121624]
    R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 198936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 21272]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 192792]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 200984]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-9 42784]
    R1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\drivers\VDiskBus32.sys [2012-6-1 37664]
    R2 asComSvc;ASUS Com Service;c:\program files\asus\axsp\1.00.19\atkexComSvc.exe [2013-5-5 920736]
    R2 asHmComSvc;ASUS HM Com Service;c:\program files\asus\aahm\1.00.20\aaHMSvc.exe [2013-5-5 951936]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.13\AsSysCtrlService.exe [2013-5-5 149120]
    R2 AsusFanControlService;AsusFanControlService;c:\program files\asus\asusfancontrolservice\1.01.10\AsusFanControlService.exe [2013-5-5 1475744]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2015\avgidsagent.exe [2014-11-9 3488784]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2015\avgwdsvc.exe [2014-11-9 298080]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-11-19 1871160]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-11-19 968504]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2013-7-18 762192]
    R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\common files\avg secure search\vtoolbarupdater\18.1.9\ToolbarUpdater.exe [2014-8-12 1820184]
    R3 AiChargerPlus;AiChargerPlus;c:\windows\system32\drivers\AiChargerPlus.sys [2013-5-5 13952]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-5-5 102888]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-5-5 313832]
    R3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [2013-5-5 37448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-19 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-19 114904]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-5-5 43392]
    R4 IOMap;IOMap;\??\c:\windows\system32\drivers\iomap.sys --> c:\windows\system32\drivers\IOMap.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-5-5 1691480]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-28 25112]
    S3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [2014-6-14 12864]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
    .
    =============== Created Last 30 ================
    .
    2014-11-19 14:26:01 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-19 14:24:43 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-19 14:24:43 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-19 14:24:42 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-19 14:24:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2014-11-18 18:03:17 -------- d-----w- c:\documents and settings\daz\application data\AVG2015
    2014-11-18 17:28:26 -------- d-----w- c:\documents and settings\daz\local settings\application data\Avg
    2014-11-18 17:27:40 -------- d-----w- c:\documents and settings\all users\application data\AVG2015
    2014-11-18 17:18:05 -------- d-----w- c:\documents and settings\daz\local settings\application data\Avg2015
    2014-11-18 17:11:11 -------- d-----w- c:\documents and settings\daz\local settings\application data\Avg2013
    2014-11-06 22:01:50 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_1114tb
    .
    ==================== Find3M ====================
    .
    2014-10-29 21:35:14 198936 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
    2014-10-10 14:13:58 200984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2014-09-28 07:49:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-09-28 07:49:44 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-08-28 20:43:36 192792 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    .
    ============= FINISH: 15:31:48.35 ===============

    I still get the same message when I try to open AVG. Any ideas on a fix?

    Thanks

    Darren
     
  5. 2014/11/19
    broni (Moderator, Malware Analyst)

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the message "This version requires you to completely exit the Anti Malware application", right click on the Malwarebytes icon in the system tray and click on Exit.
     
  6. 2014/11/19
    Dazzaboy (Thread Starter)
    Hello, and once again thanks for replying. I downloaded and ran step 1. It went through its scan stage and loaded up a webpage with

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    If you land here from RogueKiller…
    …This is because RogueKiller has detected a Kernel filter. Don’t panic. Most of the time, they are made by legit drivers to filter IRPs. This method is in the best practices, and is widely used. RogueKiller watches a few sensitive drivers (keyboard, disk, atapi, …) and lists the kernel filters attached to them.

    However, most of these drivers are whitelisted in RogueKiller, so either the driver is not known (please verify by typing it into Google, e.g. klif.sys = Kaspersky), or the module is real malware (if you didn't find anything on it on Google, or worse, you found bad things), or because the module has not been identified (shellcoded outside of any module), the module is named "Unknown". In this last case, if nothing else has been found by RogueKiller, just skip it.

    Another thing to know is it’s USELESS in most of the cases to remove a filter, because if you’re able to restore it, it will be back at reboot. You have to target the persistence item instead (registry key, patched file, …). In RogueKiller, Kernel filters are just listed for diagnostic and will not be restored.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++

    It did go on and on, but I thought that would make more sense. Anyway, I clicked on "Delete" then "Report", as follows:

    RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : DAZ [Administrator]
    Mode : Delete -- Date : 11/19/2014 22:10:56

    ¤¤¤ Processes : 1 ¤¤¤
    [PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped

    ¤¤¤ Registry : 27 ¤¤¤
    [PUP] HKEY_CLASSES_ROOT\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Not selected
    [PUP] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\DOCUME~1\DAZ\LOCALS~1\Temp\mbr.sys) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\DOCUME~1\DAZ\LOCALS~1\Temp\mbr.sys) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.co.uk/ -> Not selected
    [PUM.Desktop] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore | DisableSR : 1 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP2T1L0-22 : \Driver\ASATAFLT @ Unknown (ASATAFLT.sys)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD501LJ +++++
    --- User ---
    [MBR] 28d5c0d76dcc74dc9d3e8a4126198151
    [BSP] 72db9dcee2f93c7139de9c1b0002be0a : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 476929 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SAMSUNG HD501LJ +++++
    --- User ---
    [MBR] a0bae78e107fe813b3cb6c98d36f6009
    [BSP] a146690564459edccaf3ae6bf73bcd3e : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 476929 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: WDC WD30EZRX-00DC0B0 +++++
    --- User ---
    [MBR] 836ce33260de132d35c6fd3fa441bdea
    [BSP] ee5a4dc29225f628c3ae75e3ef7ff2b8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 764420 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_11192014_220743.log - RKreport_DEL_11192014_221049.log

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Trying to create a system restore point, I receive the following message:


    System Restore has been turned off by group policy. To turn on system Restore, Contact your domain Administrator


    Therefore I'm working on sorting this out for the moment and will post when I've managed to find the "More Information" section.

    I'll post back with an update whether I can find it or not, lol

    Thanks

    Darren
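    The two symptoms in this thread, the software restriction policy message that still appears when AVG is launched and the "System Restore has been turned off by group policy" message in this post, are both driven by policy values in the registry, and RogueKiller's PUM.Desktop line above points at one of them (DisableSR : 1). The PowerShell below is an added example, not part of the thread and not code from RogueKiller, MBAR or AVG: a read-only audit that lists every software restriction policy path rule (so the rule GUID and the "placed on path" value from the Event Viewer message can be matched against the rule that blocks avgui.exe) together with the System Restore policy values. It assumes the standard registry locations for both and changes nothing.

```powershell
# Added example (not from the thread or from any tool used in it): read-only
# audit of the two policy areas behind the messages reported here. Run from an
# elevated PowerShell prompt; written to run on PowerShell 2.0 (Windows XP).

# Software Restriction Policy rules live under
#   <hive>\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{rule GUID}
# The {rule GUID} key name and its ItemData value are what Event Viewer quotes as
# "policy rule {...} placed on path ..." when SRP blocks an executable.
$levelNames = @{ '0' = 'Disallowed'; '4096' = 'Untrusted'; '65536' = 'Constrained';
                 '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRules {
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { continue }
        $root = Get-ItemProperty -Path $base
        $default = $levelNames["$($root.DefaultLevel)"]
        if (-not $default) { $default = "$($root.DefaultLevel)" }
        # One summary row per hive. TransparentEnabled 1 = DLLs exempt, 2 = DLLs checked too;
        # PolicyScope 1 = local administrators exempt from the policy.
        New-Object PSObject -Property @{
            Hive = $hive; Level = "(default: $default)"; RuleGuid = ''; Path = ''
            Description = "TransparentEnabled=$($root.TransparentEnabled) PolicyScope=$($root.PolicyScope)"
            LastModified = $null
        }
        foreach ($levelKey in Get-ChildItem -Path $base) {
            $level = $levelNames[$levelKey.PSChildName]
            if (-not $level) { $level = $levelKey.PSChildName }
            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $p = Get-ItemProperty -Path $rule.PSPath
                $when = $null
                if ($p.LastModified) { $when = [DateTime]::FromFileTime([int64]$p.LastModified) }
                New-Object PSObject -Property @{
                    Hive = $hive; Level = $level
                    RuleGuid = $rule.PSChildName   # compare with the GUID in the Event Viewer message
                    Path = $p.ItemData             # compare with the "placed on path" part of it
                    Description = $p.Description
                    LastModified = $when           # when the rule was written, as recorded by SRP
                }
            }
        }
    }
}

# "System Restore has been turned off by group policy" is produced by the Policies key;
# the CurrentVersion key is the one RogueKiller reported with DisableSR : 1.
function Get-SystemRestorePolicy {
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
    foreach ($k in $keys) {
        $sr = $null; $cfg = $null
        if (Test-Path $k) {
            $v = Get-ItemProperty -Path $k
            $sr = $v.DisableSR        # 1 = System Restore switched off
            $cfg = $v.DisableConfig   # 1 = System Restore configuration UI locked
        }
        New-Object PSObject -Property @{ Key = $k; KeyPresent = (Test-Path $k); DisableSR = $sr; DisableConfig = $cfg }
    }
}

Get-SrpPathRules | Format-Table Hive, Level, RuleGuid, Path, Description, LastModified -AutoSize
Get-SystemRestorePolicy | Format-List Key, KeyPresent, DisableSR, DisableConfig
```

    Run it before and after the cleanup steps. A Disallowed path rule whose ItemData covers an antivirus install directory is not something the antivirus installer or a default Windows policy writes, so its origin (the LastModified timestamp helps here) is worth establishing before the rule key is simply deleted. Deleting the rule key, or setting the default level back to Unrestricted, is what makes the blocked program launch again; the SystemRestore policy values can be cleared the same way once the machine has been declared clean.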
     
  7. 2014/11/19
    Dazzaboy (Thread Starter)
    (My message that needs approving will be above this one once it is approved.)

    But in response to my previous post, I can't seem to create a system restore point, and I can't seem to see the "More Information" part on that thread. Any ideas? I didn't want to go any further without waiting for a response back from you. I have admin rights, so I'm a little confused.

    Thanks

    Darren
     
  8. 2014/11/19
    broni (Moderator, Malware Analyst)
    Skip restore point.
     
  9. 2014/11/20
    Dazzaboy (Thread Starter)
    "Scan Finished: No Malware Found!"

    System Log as follows:


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.1.1001

    (c) Malwarebytes Corporation 2011-2012




    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.511000 GHz
    Memory total: 3134386176, free: 1263730688

    Downloaded database version: v2014.11.19.07
    Downloaded database version: v2014.11.18.01
    =======================================
    Initializing...
    This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.08.1.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 3.511000 GHz
    Memory total: 3134386176, free: 1570234368

    Initializing...
    =======================================
    ------------ Kernel report ------------
    11/19/2014 22:48:48
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntkrnlpa.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    guph.sys
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    MountMgr.sys
    ftdisk.sys
    ACPIEC.sys
    \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    PartMgr.sys
    ASATAFLT.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    Mup.sys
    avgrkx86.sys
    avglogx.sys
    avgmfx86.sys
    avgidshx.sys
    \SystemRoot\system32\DRIVERS\nv4_mini.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    \SystemRoot\system32\drivers\AiChargerPlus.sys
    \SystemRoot\system32\DRIVERS\asmtxhci.sys
    \SystemRoot\system32\DRIVERS\usbfilter.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\drivers\cmudax3.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\AmdPPM.sys
    \SystemRoot\system32\DRIVERS\VDiskBus32.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\nvhda32.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\drivers\RtkHDAud.sys
    \SystemRoot\system32\DRIVERS\asmthub3.sys
    \SystemRoot\system32\drivers\ASUSFILTER.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\system32\DRIVERS\avgtdix.sys
    \SystemRoot\system32\DRIVERS\ipnat.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\avgldx86.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\avgidsshimx.sys
    \SystemRoot\system32\DRIVERS\avgidsdriverlx.sys
    \SystemRoot\system32\DRIVERS\avgdiskx.sys
    \SystemRoot\system32\drivers\AsUpIO.sys
    \SystemRoot\system32\drivers\AsIO.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\nv4_disp.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\mrxdav.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \??\C:\WINDOWS\system32\drivers\IOMap.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \??\C:\DOCUME~1\DAZ\LOCALS~1\Temp\mbr.sys
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff8acf1ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T1L0-22\
    Lower Device Object: 0xffffffff8ad49b00
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff8ad44ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T1L0-e\
    Lower Device Object: 0xffffffff8ad4ed98
    Lower Device Driver Name: \Driver\atapi\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8ad45ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-6\
    Lower Device Object: 0xffffffff8ad50d98
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xffffffff8acf1ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8ad43bd8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8acf1ab8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ad44958, DeviceName: Unknown, DriverName: \Driver\ASATAFLT\
    DevicePointer: 0xffffffff8ad49b00, DeviceName: \Device\Ide\IdeDeviceP2T1L0-22\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8ad45ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8acf49b0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8ad45ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8add09e8, DeviceName: \Device\0000006e\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8ad50d98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-6\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6F22CB51

    Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065 Numsec = 976752000

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff8ad44ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8acf2e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8ad44ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff8ad868a8, DeviceName: \Device\0000006f\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8ad4ed98, DeviceName: \Device\Ide\IdeDeviceP1T1L0-e\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EFD6AD91

    Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065 Numsec = 976752000

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Drive 2
    This is a System drive
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: ABF5ABF5

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 1565534187
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 2199023255040 bytes
    Sector size: 512 bytes

    Done!
    File "c:\documents and settings\all users\application data\avg2015\chjw\80588f15588f095c.dat:7edcbd18-a0a0-4a1d-90bd-185a1d44915d" is sparse (flags = 32768)
    File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2015\log\avgcfg.log.1" is compressed (flags = 1)
    File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2015\log\avgcore.log.1" is compressed (flags = 1)
    Scan finished

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


    I'm afraid I found that file to open and copy; however, the other one you asked for,

    "mbar-log-{date} (xx-xx-xx).txt"

    I can't find anything like that in the folder?
     
  10. 2014/11/20
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    LOL, I swear as soon as I closed the app it showed itself,

    Malwarebytes Anti-Rootkit BETA 1.08.1.1001
    www.malwarebytes.org

    Database version: v2014.11.19.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    DAZ :: DAZ-0E6916DD309 [administrator]

    19/11/2014 22:49:07
    mbar-log-2014-11-19 (22-49-07).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 345075
    Time elapsed: 3 hour(s), 36 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    Thanks

    Darren
     
  11. 2014/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. 2014/11/20
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    OK, having a few problems. I tried to close down AVG (it's not in my toolbar) so tried the "Task Manager" way: click on it and "End Process". All I get is "Access Denied" messages. I tried going into "Add/Remove Programs" and when I clicked on it, it auto removed it from the list; thought hmm, OK, must be done. Clicked on that program and it detected it was running, said close it, so I've just downloaded the AVG removal tool that says it may need a number of reboots to remove AVG, and had to close that program "Combofix" down as there's no way of exiting it as soon as it hit the "blue screen". I hope I haven't messed my computer up, but there was no way when you click on the "X" to close the program down. I'm about to run the AVG tool and hopefully remove it so I can hopefully, fingers crossed, run the program again. So I'm going to give it a go and report back; thought I'll just update you if I haven't messed my computer up.

    Thanks for your help again.

    Darren
     
  13. 2014/11/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Always read my instructions carefully.
    You were supposed to uninstall AVG prior to running Combofix.

    Restart computer manually (power button).
    Uninstall AVG using AppRemover.
    Run Combofix.
     
  14. 2014/11/20
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Mate, seriously, I did. I downloaded and ran "App Remover" after I uninstalled it (well, it deleted itself from Add/Remove) and it didn't show it on the list, I swear... But I was stupid enough to believe it uninstalled. Anyway, apologies. After running that AVG Removal tool I downloaded, after a few reboots it removed AVG fully.

    I then ran "Combo Fix" again. All worked, however it said I never had some Microsoft recovery tool. Downloaded it and "Combo Fix" finally ran. It opened up this log so I'm guessing this is what you are after.

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++

    ComboFix 14-11-18.01 - DAZ 20/11/2014 23:03:04.1.8 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2989.2170 [GMT 0:00]
    Running from: c:\documents and settings\DAZ\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
    c:\documents and settings\DAZ\Templates\1028.msi
    c:\documents and settings\DAZ\Templates\1031.msi
    c:\documents and settings\DAZ\Templates\1033.msi
    c:\documents and settings\DAZ\Templates\1036.msi
    c:\documents and settings\DAZ\Templates\1041.msi
    c:\documents and settings\DAZ\Templates\2052.msi
    c:\windows\system32\Cache
    c:\windows\system32\Cache\075884af680ff6dc.fb
    c:\windows\system32\Cache\160ae7d8e4de3c17.fb
    c:\windows\system32\Cache\1b9321c9cae093d8.fb
    c:\windows\system32\Cache\227113dfa1ca894d.fb
    c:\windows\system32\Cache\49fbbc5a8678d502.fb
    c:\windows\system32\Cache\613e8ce7ab7106af.fb
    c:\windows\system32\Cache\633a76311867bd11.fb
    c:\windows\system32\Cache\691f14230153a9e1.fb
    c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
    c:\windows\system32\Cache\6d1f4219a451b113.fb
    c:\windows\system32\Cache\7614bd6cfa99e546.fb
    c:\windows\system32\Cache\77664b6ccc36be9f.fb
    c:\windows\system32\Cache\832ec4d449181b85.fb
    c:\windows\system32\Cache\881b3593316772f0.fb
    c:\windows\system32\Cache\9295e26476b4074a.fb
    c:\windows\system32\Cache\98657d0579ae1930.fb
    c:\windows\system32\Cache\99cb9d38e1ff6b07.fb
    c:\windows\system32\Cache\9eff61cac1e03070.fb
    c:\windows\system32\Cache\a56495aada9f0591.fb
    c:\windows\system32\Cache\c2dfae909924c436.fb
    c:\windows\system32\Cache\c4e10d1be905349b.fb
    c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
    c:\windows\system32\Cache\d9ca663388d21ec0.fb
    c:\windows\system32\Cache\f2cda51fd108941f.fb
    c:\windows\system32\Cache\f34d8db84131d925.fb
    .
    c:\windows\system32\drivers\i8042prt.sys was missing
    Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-10-20 to 2014-11-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-11-20 23:20 . 2010-03-05 09:49 33280 ----a-w- c:\windows\system32\drivers\IOMap.sys
    2014-11-20 23:10 . 2008-04-13 23:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2014-11-20 23:10 . 2008-04-13 23:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2014-11-19 22:48 . 2014-11-20 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-19 21:59 . 2014-11-19 21:59 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-11-19 21:59 . 2014-11-19 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\RogueKiller
    2014-11-19 14:26 . 2014-11-20 23:20 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-19 14:24 . 2014-11-19 22:43 55000 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-19 14:24 . 2014-10-01 11:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-19 14:24 . 2014-11-19 14:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-11-19 14:24 . 2014-11-19 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2014-11-18 17:28 . 2014-11-18 17:28 -------- d-----w- c:\documents and settings\DAZ\Local Settings\Application Data\Avg
    2014-11-11 13:03 . 2014-11-11 13:13 -------- d-----w- c:\documents and settings\DAZ\Application Data\U3
    2014-11-06 22:01 . 2014-11-06 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg_Update_1114tb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-28 07:49 . 2013-08-30 19:43 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-09-28 07:49 . 2013-08-30 19:43 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GPU Tweak Main"="c:\program files\ASUS\GPU Tweak\GPUTweak.exe" [2012-09-27 2886144]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS AI Suite II Execute"="c:\program files\ASUS\AI Suite II\AsRoutineController.exe" [2012-03-13 2935424]
    "ASUS EZUpdate"="c:\program files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe" [2012-10-29 1405312]
    "ASUS AiChargerPlus Execute"="c:\program files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2012-08-20 550272]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
    "NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\ASUS\\AI Suite II\\AI Suite II.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Documents and Settings\\DAZ\\Application Data\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\DAZ\\Application Data\\uTorrent\\updates\\3.4.1_31139.exe"=
    "c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 ASATAFLT;ASATAFLT;c:\windows\system32\drivers\ASATAFLT.sys [05/05/2013 18:19 20768]
    R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [05/05/2013 18:13 11832]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [09/12/2013 10:18 42784]
    R1 VDiskBus;ASUS Disk Unlocker;c:\windows\system32\drivers\VDiskBus32.sys [01/06/2012 09:03 37664]
    R2 asComSvc;ASUS Com Service;c:\program files\ASUS\AXSP\1.00.19\atkexComSvc.exe [05/05/2013 18:11 920736]
    R2 asHmComSvc;ASUS HM Com Service;c:\program files\ASUS\AAHM\1.00.20\aaHMSvc.exe [05/05/2013 18:11 951936]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [05/05/2013 18:12 149120]
    R2 AsusFanControlService;AsusFanControlService;c:\program files\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [05/05/2013 18:13 1475744]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [19/11/2014 14:24 1871160]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [19/11/2014 14:24 968504]
    R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [18/07/2013 16:39 762192]
    R3 AiChargerPlus;AiChargerPlus;c:\windows\system32\drivers\AiChargerPlus.sys [05/05/2013 18:13 13952]
    R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [05/05/2013 18:10 102888]
    R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [05/05/2013 18:10 313832]
    R3 ASUSFILTER;ASUSFILTER;c:\windows\system32\drivers\ASUSFILTER.sys [05/05/2013 18:14 37448]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/11/2014 14:24 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [19/11/2014 14:26 114904]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [05/05/2013 18:01 43392]
    R4 IOMap;IOMap;\??\c:\windows\system32\drivers\IOMap.sys --> c:\windows\system32\drivers\IOMap.sys [?]
    S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [05/05/2013 18:03 1691480]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [28/07/2010 23:25 25112]
    S3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [14/06/2014 09:01 12864]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-20 21:19 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.65\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-05 19:08]
    .
    2014-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-05-05 19:08]
    .
    2014-11-20 c:\windows\Tasks\User_Feed_Synchronization-{DFABA57F-53B4-4C7E-893A-08FE3AD6616A}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://mysearch.avg.com?cid={50968728-5561-4680-96CF-07F4D4C7DF60}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-09 10:18&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} - hxxps://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
    DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} - hxxp://assets.photobox.com/assets/v/9wMLrL7vFWyhXJey6PFIGDYHwIs.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    HKLM-Run-vProt - c:\program files\AVG SafeGuard toolbar\vprot.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-11-20 23:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1760)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
    c:\program files\Common Files\Nero\NeroShellExt\SolutionExplorer.dll
    c:\program files\WinRAR\rarext.dll
    c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Malwarebytes Anti-Malware\mbam.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\program files\ASUS\AI Suite II\EPU\EPUHelp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ASUS\AI Suite II\AI Suite II.exe
    c:\program files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2014-11-20 23:27:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-11-20 23:27
    .
    Pre-Run: 384,675,221,504 bytes free
    Post-Run: 387,289,763,840 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - DB2DF2DFF4EAFD6DD5B36E40D195742B
    8F558EB6672622401DA993E1E865C861


    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Just to make you clear, I'm now running without any kind of antivirus software as I had to get the AVG Removal tool to remove it because it wouldn't let me shut it down or access it to shut it down. Do you want me to reinstall it? It seems to run in the background; it doesn't show me in the taskbar but Task Manager shows the programs in there, even though I can't access it?

    I didn't wanna do anything until you reply now for further actions.

    Thanks again, Darren
     
  15. 2014/11/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes, you can reinstall AVG now.

    Then...

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
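    The thread's root symptom is a Software Restriction Policy (SRP) path rule placed on the AVG program directory; the FRST scan posted in the next reply lists those entries as "HKLM Group Policy restriction on software: C:\Program Files\AVG". SRP stores such rules under HKLM (or HKCU) \SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\<level>\Paths\{GUID}, where the level subkey is 0 for Disallowed and 262144 for Unrestricted, and each rule's ItemData value holds the path it covers. The following PowerShell script is an added example for readers, not code from this thread or from any of the tools used in it; it enumerates those rules read-only and flags Disallowed rules that cover a security product's directory. The watch list of path fragments and the function name Get-SrpPathRules are this example's own assumptions.

```powershell
# Added example: read-only enumeration of Software Restriction Policy (SRP) path rules,
# flagging Disallowed rules that cover security-product directories. This is not code
# from this thread or from any tool mentioned in it. Run from an elevated PowerShell
# prompt on the machine being examined; it writes nothing to the registry.

# SRP security levels as stored in the registry; level subkey names are decimal strings.
$SrpLevelNames = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }

# Assumption: illustrative path fragments of security products that a Disallowed
# rule should never cover on a healthy stand-alone machine. Extend as needed.
$SrpWatchList = @('\AVG', '\Microsoft Antimalware', '\Malwarebytes', '\Windows Defender')

function Get-SrpPathRules {
    param([string[]]$Hives = @('HKLM', 'HKCU'))
    foreach ($hive in $Hives) {
        $root = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $root)) { continue }
        foreach ($levelKey in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            # Each level key ("0", "131072", "262144") holds a Paths subkey with one
            # GUID-named subkey per rule; skip anything that is not a level key.
            $level = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($ruleKey in Get-ChildItem $pathsKey -ErrorAction SilentlyContinue) {
                $rule   = Get-ItemProperty $ruleKey.PSPath
                $target = [string]$rule.ItemData      # path the rule applies to (REG_EXPAND_SZ)
                $hits   = @($SrpWatchList | Where-Object { $target -like "*$_*" })
                New-Object PSObject -Property @{
                    Hive        = $hive
                    RuleId      = $ruleKey.PSChildName
                    Level       = $(if ($SrpLevelNames.ContainsKey($level)) { $SrpLevelNames[$level] } else { $level })
                    Path        = $target
                    Description = [string]$rule.Description
                    # A Disallowed rule over an AV directory is the pattern seen in this thread
                    Suspicious  = ($level -eq 0) -and ($hits.Count -gt 0)
                }
            }
        }
    }
}

# Usage: list every SRP path rule, then only those that block a security product.
Get-SrpPathRules | Format-Table Hive, Level, Path, RuleId -AutoSize
Get-SrpPathRules | Where-Object { $_.Suspicious } | Format-List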
  16. 2014/11/22
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Hi Broni, thanks again for your reply. Just to make a few things clear, I was going to reinstall AVG like you suggested. However, when you stated in step 2 to download and run "Junkware" I knew if it was like last time I'd be unable to close down, open, disable, or remove AVG as access to it has been denied, so as of yet I have no antivirus program installed.

    Results from Junkware as follows



    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-11-2014
    Ran by DAZ (administrator) on DAZ-0E6916DD309 on 22-11-2014 09:24:11
    Running from C:\Documents and Settings\DAZ\Desktop
    Loaded Profiles: DAZ & UpdatusUser (Available profiles: DAZ & UpdatusUser)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    () C:\Program Files\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Nero AG) C:\Program Files\Nero\Update\NASvc.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe
    () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
    (ASUSTek Computer Inc.) C:\Program Files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\AI Suite II.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ASUS AI Suite II Execute] => C:\Program Files\ASUS\AI Suite II\AsRoutineController.exe [2935424 2012-03-13] (ASUSTeK Computer Inc.)
    HKLM\...\Run: [ASUS EZUpdate] => C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe [1405312 2012-10-29] ()
    HKLM\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-15] ()
    HKLM Group Policy restriction on software: C:\Program Files\AVG\AVG2014 <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG\ <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
    HKU\S-1-5-21-448539723-746137067-839522115-1004\...\Run: [GPU Tweak Main] => C:\Program Files\ASUS\GPU Tweak\GPUTweak.exe [2886144 2012-09-27] (ASUS)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: [S-1-5-21-448539723-746137067-839522115-1005] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
    SearchScopes: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> {04D223EA-4721-4144-A891-46EB97E3455B} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> {750EECEE-A5D8-48C5-91AC-16F3CC0CC1F0} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    Toolbar: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKU\S-1-5-21-448539723-746137067-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1367778325546
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1367779198828
    DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downl...584-842756A66467/MicrosoftDownloadManager.cab
    DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab
    DPF: {E55B74AB-0B51-4BAE-A5B5-2531AB5EA4D9} http://assets.photobox.com/assets/v/9wMLrL7vFWyhXJey6PFIGDYHwIs.cab
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-05]

    Chrome:
    =======
    CHR HomePage: Default -> https://mysearch.avg.com?cid={50968728-5561-4680-96CF-07F4D4C7DF60}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-09 10:18:46&v=18.1.9.799&pid=safeguard&sg=0&sap=hp
    CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={50968728-5561-4680-96CF-07F4D4C7DF60}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-09 10:18:46&v=18.1.9.799&pid=safeguard&sg=0&sap=hp "
    CHR DefaultSearchKeyword: Default -> mysearch.avg.com__
    CHR DefaultSearchURL: Default -> https://mysearch.avg.com/search?cid={50968728-5561-4680-96CF-07F4D4C7DF60}&mid=Unknown&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-09 10:18:46&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    CHR DefaultNewTabURL: Default -> https://mysearch.avg.com/chroment?espv=2&cid={50968728-5561-4680-96CF-07F4D4C7DF60}&mid=Unknown&lang=en&ds=AVG&pr=fr&d=2013-12-09 10:18:46&v=18.1.9.799&pid=safeguard&sg=0
    CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
    CHR Profile: C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-05]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-06]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 asComSvc; C:\Program Files\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
    R2 asHmComSvc; C:\Program Files\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
    R2 AsusFanControlService; C:\Program Files\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerPlus; C:\WINDOWS\System32\drivers\AiChargerPlus.sys [13952 2012-04-19] (ASUSTek Computer Inc.)
    S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
    R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
    R0 ASATAFLT; C:\WINDOWS\System32\Drivers\ASATAFLT.sys [20768 2012-06-01] (ASUSTeK Computer Inc.)
    R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [14720 2012-08-22] ()
    R3 asmthub3; C:\WINDOWS\System32\DRIVERS\asmthub3.sys [102888 2011-11-03] (ASMedia Technology Inc)
    R3 asmtxhci; C:\WINDOWS\System32\DRIVERS\asmtxhci.sys [313832 2011-11-03] (ASMedia Technology Inc)
    R1 AsUpIO; C:\WINDOWS\System32\drivers\AsUpIO.sys [11832 2012-09-14] ()
    R3 ASUSFILTER; C:\WINDOWS\System32\drivers\ASUSFILTER.sys [37448 2011-09-20] (MCCI Corporation)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
    R3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1519424 2008-12-04] (C-Media Inc)
    S3 ivusb; C:\WINDOWS\System32\DRIVERS\ivusb.sys [25112 2010-07-28] (Initio Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-20] (Malwarebytes Corporation)
    S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
    S3 NVFLASH; C:\WINDOWS\system32\drivers\nvflash.sys [12864 2012-03-10] ()
    R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128440 2012-12-19] (NVIDIA Corporation)
    R1 VDiskBus; C:\WINDOWS\System32\DRIVERS\VDiskBus32.sys [37664 2012-06-01] (ASUSTeK Computer Inc.)
    R3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 IntelIde; No ImagePath
    R4 IOMap; \??\C:\WINDOWS\system32\drivers\IOMap.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U3 TlntSvr; No ImagePath
    S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    U3 mbr; \??\C:\DOCUME~1\DAZ\LOCALS~1\Temp\mbr.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-22 09:24 - 2014-11-22 09:24 - 00013559 _____ () C:\Documents and Settings\DAZ\Desktop\FRST.txt
    2014-11-22 09:23 - 2014-11-22 09:24 - 00000000 ____D () C:\FRST
    2014-11-22 09:22 - 2014-11-22 09:22 - 00002463 _____ () C:\Documents and Settings\DAZ\Desktop\JRT.txt
    2014-11-22 09:20 - 2014-11-22 09:20 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-11-21 23:42 - 2014-11-21 23:42 - 01108992 _____ (Farbar) C:\Documents and Settings\DAZ\Desktop\FRST.exe
    2014-11-21 23:41 - 2014-11-21 23:41 - 01707532 _____ (Thisisu) C:\Documents and Settings\DAZ\Desktop\JRT.exe
    2014-11-21 23:40 - 2014-11-21 23:40 - 06220854 _____ () C:\Documents and Settings\DAZ\Desktop\22222222222.bmp
    2014-11-20 23:27 - 2014-11-22 09:24 - 00000000 ____D () C:\Documents and Settings\DAZ\Local Settings\temp
    2014-11-20 23:27 - 2014-11-20 23:27 - 00014204 _____ () C:\ComboFix.txt
    2014-11-20 23:27 - 2014-11-20 23:27 - 00000000 ____D () C:\Documents and Settings\UpdatusUser\Local Settings\temp
    2014-11-20 23:27 - 2014-11-20 23:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
    2014-11-20 23:27 - 2014-11-20 23:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
    2014-11-20 23:27 - 2014-11-20 23:27 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
    2014-11-20 23:10 - 2008-04-13 23:48 - 00052480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\i8042prt.sys
    2014-11-20 23:10 - 2008-04-13 23:48 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
    2014-11-20 23:00 - 2014-11-20 23:00 - 00000000 _RSHD () C:\cmdcons
    2014-11-20 23:00 - 2014-05-28 10:40 - 00000223 _____ () C:\Boot.bak
    2014-11-20 23:00 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
    2014-11-20 22:59 - 2014-11-20 22:59 - 06220854 _____ () C:\Documents and Settings\DAZ\Desktop\untitled222.bmp
    2014-11-20 22:55 - 2014-11-20 23:27 - 00000000 ____D () C:\ComboFix
    2014-11-20 22:38 - 2011-06-26 06:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2014-11-20 22:38 - 2010-11-07 17:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2014-11-20 22:38 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2014-11-20 22:38 - 2000-08-31 00:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2014-11-20 22:37 - 2014-11-20 22:51 - 00707440 _____ () C:\Documents and Settings\DAZ\Desktop\avgremover.log
    2014-11-20 22:37 - 2014-11-20 22:37 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Documents and Settings\DAZ\Desktop\avg_remover_stf_x86_2015_5501.exe
    2014-11-20 22:36 - 2014-11-20 23:27 - 00000000 ____D () C:\Qoobox
    2014-11-20 22:35 - 2014-11-20 23:24 - 00000000 ____D () C:\WINDOWS\erdnt
    2014-11-20 22:32 - 2014-11-20 22:32 - 11828872 _____ (OPSWAT, Inc.) C:\Documents and Settings\DAZ\Desktop\AppRemover.exe
    2014-11-20 22:26 - 2014-11-20 22:26 - 06220854 _____ () C:\Documents and Settings\DAZ\Desktop\untitled111.bmp
    2014-11-20 22:26 - 2014-11-20 22:26 - 05598306 ____R (Swearware) C:\Documents and Settings\DAZ\Desktop\ComboFix.exe
    2014-11-19 22:48 - 2014-11-20 06:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
    2014-11-19 22:43 - 2014-11-20 06:50 - 00000000 ____D () C:\Documents and Settings\DAZ\Desktop\mbar
    2014-11-19 22:03 - 2014-11-19 22:03 - 14439696 _____ (Malwarebytes Corp.) C:\Documents and Settings\DAZ\Desktop\mbar-1.08.1.1001.exe
    2014-11-19 21:59 - 2014-11-19 21:59 - 14678104 _____ () C:\Documents and Settings\DAZ\Desktop\RogueKiller.exe
    2014-11-19 21:59 - 2014-11-19 21:59 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-11-19 21:59 - 2014-11-19 21:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-11-19 15:32 - 2014-11-19 15:32 - 00013812 _____ () C:\Documents and Settings\DAZ\Desktop\attach1.txt
    2014-11-19 15:32 - 2014-11-19 15:32 - 00011380 _____ () C:\Documents and Settings\DAZ\Desktop\dds1.txt
    2014-11-19 15:31 - 2014-11-19 15:31 - 00013812 _____ () C:\Documents and Settings\DAZ\Desktop\attach.txt
    2014-11-19 15:31 - 2014-11-19 15:31 - 00011380 _____ () C:\Documents and Settings\DAZ\Desktop\dds.txt
    2014-11-19 15:30 - 2014-11-19 15:30 - 00688992 ____R (Swearware) C:\Documents and Settings\DAZ\Desktop\dds.com
    2014-11-19 15:22 - 2014-11-19 15:22 - 00010139 _____ () C:\Documents and Settings\DAZ\Desktop\Recent Scan.txt
    2014-11-19 14:26 - 2014-11-20 23:44 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-11-19 14:25 - 2014-11-19 14:25 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-19 14:25 - 2014-11-19 14:25 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-19 14:24 - 2014-11-19 22:43 - 00055000 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-11-19 14:24 - 2014-11-19 14:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-11-19 14:24 - 2014-11-19 14:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-11-19 14:24 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-11-19 14:23 - 2014-11-19 14:23 - 19828376 _____ (Malwarebytes Corporation ) C:\Documents and Settings\DAZ\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-18 20:16 - 2014-11-18 20:17 - 31562952 _____ (Microsoft Corporation) C:\Documents and Settings\DAZ\Desktop\Windows-KB890830-V5.18.exe
    2014-11-18 17:28 - 2014-11-18 17:28 - 00000000 ____D () C:\Documents and Settings\DAZ\Local Settings\Application Data\Avg
    2014-11-18 17:16 - 2014-11-18 17:16 - 04637504 _____ (AVG Technologies) C:\Documents and Settings\DAZ\Desktop\avg_free_stb_all_2015_5557_cnet.exe
    2014-11-18 17:08 - 2014-11-18 17:08 - 00701264 _____ () C:\Documents and Settings\DAZ\Desktop\AVG-AntiVirus-Free-2015.2015.0.5315.exe
    2014-11-11 13:03 - 2014-11-11 13:13 - 00000000 ____D () C:\Documents and Settings\DAZ\Application Data\U3
    2014-11-06 22:01 - 2014-11-06 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Avg_Update_1114tb
    2014-11-05 21:50 - 2014-11-05 21:50 - 06220854 _____ () C:\Documents and Settings\DAZ\Desktop\mums order.bmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-11-22 09:21 - 2013-05-05 19:16 - 00000418 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{DFABA57F-53B4-4C7E-893A-08FE3AD6616A}.job
    2014-11-22 09:18 - 2014-10-19 19:08 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-22 08:58 - 2013-05-05 20:29 - 00000000 ____D () C:\Documents and Settings\DAZ\Application Data\vlc
    2014-11-22 08:57 - 2013-05-05 19:39 - 00006334 _____ () C:\WINDOWS\system32\nvAppTimestamps
    2014-11-22 07:26 - 2013-05-05 17:23 - 00031878 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-11-22 04:18 - 2014-10-19 19:08 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-21 17:45 - 2013-05-05 17:23 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2014-11-21 17:27 - 2013-05-05 17:20 - 01872438 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-11-20 23:19 - 2013-05-05 18:12 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-11-20 23:19 - 2013-05-05 18:12 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-11-20 23:19 - 2004-08-04 12:00 - 00000827 _____ () C:\WINDOWS\system.ini
    2014-11-20 23:18 - 2013-05-05 17:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-11-20 23:11 - 2013-05-05 17:24 - 00000178 ___SH () C:\Documents and Settings\DAZ\ntuser.ini
    2014-11-20 23:10 - 2013-05-05 18:08 - 00617925 _____ () C:\WINDOWS\setupapi.log
    2014-11-20 23:00 - 2013-05-05 18:06 - 00000339 __RSH () C:\boot.ini
    2014-11-20 22:56 - 2013-05-05 17:19 - 00000000 ____D () C:\WINDOWS\system32\Restore
    2014-11-20 22:49 - 2004-08-04 12:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-11-19 15:12 - 2013-06-06 02:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB963093$
    2014-11-18 18:41 - 2013-05-05 18:09 - 00602576 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-11-17 10:21 - 2013-05-05 18:11 - 00000000 ____D () C:\Program Files\Google
    2014-11-16 23:09 - 2013-07-26 16:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-11-15 12:09 - 2013-05-05 20:28 - 00000000 ____D () C:\Documents and Settings\DAZ\Application Data\uTorrent
    2014-11-14 19:44 - 2013-05-05 18:11 - 00000000 ____D () C:\Documents and Settings\DAZ\Local Settings\Application Data\Google
    2014-11-14 19:44 - 2013-05-05 18:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Google
    2014-11-06 22:02 - 2014-08-28 03:50 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
    2014-10-31 23:25 - 2013-05-05 19:21 - 100445232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================


    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    And the Addition text


    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.9 (11.15.2014:2)
    OS: Microsoft Windows XP x86
    Ran by DAZ on 22/11/2014 at 9:20:26.06
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-448539723-746137067-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon "
    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint "
    Successfully deleted: [Folder] "C:\Documents and Settings\DAZ\Application Data\babylon "
    Successfully deleted: [Folder] "C:\Documents and Settings\DAZ\Application Data\search protection "
    Successfully deleted: [Folder] "C:\Program Files\mypc backup "
    Successfully deleted: [Folder] "C:\Program Files\viewpoint "



    ~~~ Chrome

    Successfully deleted: [Folder] C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/11/2014 at 9:22:48.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    The link for adwcleaner doesn't seem to work??? Due to the fact I don't have any antivirus, I'm going to reinstall AVG now and then google it (if I can find it). I will report back how I get on.

    Thanks

    Darren
     
  17. 2014/11/22
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    OK, reinstalled AVG 2015, found and downloaded the AdwCleaner by Xplode and ran it and cleaned the PC. All I can say is my PC has taken ages to load everything up, super slow? Dunno if it's a one-off because I haven't done a reboot. Log as follows:

    # AdwCleaner v4.101 - Report created 22/11/2014 at 09:51:21
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : DAZ - DAZ-0E6916DD309
    # Running from : C:\Documents and Settings\DAZ\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : vToolbarUpdater18.1.9

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Security Toolbar
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\DAZ\Local Settings\Application Data\AVG SafeGuard toolbar

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v39.0.2171.65

    [C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4685 octets] - [22/11/2014 09:48:10]
    AdwCleaner[S0].txt - [4712 octets] - [22/11/2014 09:51:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4772 octets] ##########


    Just thought I'll give it a go and again, when I tried to open AVG it comes up with the same error,

    Windows cannot open this program because it has been prevented by a software restriction policy, Please contact system Admin

    So yeah, weird. I've noticed also that I have "AI Suite II". This is a program that seems to monitor my CPU, sensor, fan speeds...etc etc, you can change all the settings, overclock, anyway the program is there but no sensor information, so gonna take a guess the program or whatever got removed through this cleanup. Shall I reinstall the software? Or leave it for now?

    Anyway, any more help would be appreciated, thanks

    Darren
     
  18. 2014/11/22
    broni

    broni Moderator Malware Analyst

  19. 2014/11/23
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Sorry mate, I dunno how I missed that. The Addition text is as follows:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-11-2014
    Ran by DAZ at 2014-11-22 09:24:40
    Running from C:\Documents and Settings\DAZ\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)


    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-448539723-746137067-839522115-1004\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.11) MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
    AI Suite II (HKLM\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
    AMD Catalyst Install Manager (HKLM\...\{6983E808-40B5-7C92-7F8E-91AB7FF64BE0}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
    AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0053 - AMD)
    Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
    ASUS Boot Setting (HKLM\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
    ASUS GPU Tweak (HKLM\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.)
    ASUS GPU Tweak (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden
    ASUS Product Register Program (HKLM\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
    ASUS Update (HKLM\...\{F178DD09-E45A-4C29-979A-1EEAEFC35A5F}) (Version: - )
    AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
    CPUID ASUS CPU-Z 1.61 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61 - CPUID, Inc.)
    Disk Unlocker (HKLM\...\{7E4DADFE-F9E1-4494-B698-E3D7F90C74CC}) (Version: 2.1.3 - ASUS)
    FSAutoStart (HKLM\...\{666E0B91-3FD3-43B7-B6A2-EB9012758982}) (Version: 1.1.11 - Ken Salter)
    Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    iolo technologies' System Mechanic (HKLM\...\iolo technologies' System Mechanic) (Version: - iolo technologies, LLC)
    iTunes (HKLM\...\{E05D82D8-FE70-4228-B073-B0C07FE27595}) (Version: 11.1.1.11 - Apple Inc.)
    K-Lite Mega Codec Pack 10.4.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.4.0 - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
    Nero Burning ROM 2014 (HKLM\...\{972A1A15-5B3D-4096-BAE1-3F37974664A6}) (Version: 15.0.02100 - Nero AG)
    NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
    NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
    NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
    Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.35.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6699 - Realtek Semiconductor Corp.)
    SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version: - Seagate Technology)
    SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-448539723-746137067-839522115-1004_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2014-11-20 23:10 - 2014-11-20 23:19 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{DFABA57F-53B4-4C7E-893A-08FE3AD6616A}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-05-05 18:11 - 2012-06-01 09:42 - 00920736 ____N () C:\Program Files\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2013-05-05 18:11 - 2014-11-20 23:19 - 00033792 _____ () C:\Program Files\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-05-05 18:11 - 2010-06-29 02:58 - 00104448 ____N () C:\Program Files\ASUS\AXSP\1.00.19\ATKEX.dll
    2013-05-05 18:13 - 2012-10-29 11:45 - 01405312 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzUpdt.exe
    2013-05-05 18:13 - 2012-10-25 13:16 - 05766344 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EzULIB.dll
    2013-05-05 18:13 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\ImageHelper.dll
    2013-05-05 18:14 - 2012-05-17 10:57 - 00043520 ____N () C:\Program Files\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    2013-05-05 18:14 - 2012-07-05 11:05 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\TurboV EVO\pngio.dll
    2013-05-05 18:12 - 2011-07-12 18:14 - 00147456 _____ () C:\Program Files\ASUS\AI Suite II\AssistFunc.dll
    2013-05-05 18:12 - 2010-10-05 07:22 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\pngio.dll
    2013-05-05 18:13 - 2011-09-26 18:36 - 00869376 _____ () C:\Program Files\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
    2013-05-05 18:12 - 2012-03-21 11:07 - 00972288 _____ () C:\Program Files\ASUS\AI Suite II\BarGadget\BarGadget.dll
    2013-05-05 18:13 - 2012-08-01 09:51 - 01040896 _____ () C:\Program Files\ASUS\AI Suite II\EasyUpdate\EasyUpdt.dll
    2013-05-05 18:13 - 2012-06-19 11:56 - 01305600 _____ () C:\Program Files\ASUS\AI Suite II\MyLogo\MyLogo.dll
    2013-05-05 18:13 - 2012-07-20 08:39 - 01047040 _____ () C:\Program Files\ASUS\AI Suite II\Probe_II\ProbeII.dll
    2013-05-05 18:12 - 2012-05-25 09:33 - 00883712 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\Sensor.dll
    2013-05-05 18:12 - 2012-05-28 20:27 - 01622528 _____ () C:\Program Files\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    2013-05-05 18:12 - 2011-09-19 19:18 - 01243136 _____ () C:\Program Files\ASUS\AI Suite II\Settings\Settings.dll
    2013-05-05 18:12 - 2011-07-21 08:06 - 00846848 _____ () C:\Program Files\ASUS\AI Suite II\Splitter\Splitter.dll
    2013-05-05 18:12 - 2011-10-14 19:03 - 00885248 _____ () C:\Program Files\ASUS\AI Suite II\TabGadget\TabGadget.dll
    2013-05-05 18:11 - 2010-08-23 02:17 - 00662016 ____R () C:\Program Files\ASUS\AAHM\1.00.20\aaHMLib.dll
    2013-05-05 18:12 - 2010-10-05 07:22 - 00208896 _____ () C:\Program Files\ASUS\AI Suite II\ImageHelper.dll
    2013-05-05 18:12 - 2009-08-12 19:15 - 00253952 _____ () C:\Program Files\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-448539723-746137067-839522115-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-448539723-746137067-839522115-1006 - Limited - Enabled)
    DAZ (S-1-5-21-448539723-746137067-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\DAZ
    Guest (S-1-5-21-448539723-746137067-839522115-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-448539723-746137067-839522115-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-448539723-746137067-839522115-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-448539723-746137067-839522115-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/20/2014 06:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (11/18/2014 06:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:51:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx86.msi'.

    Error: (11/18/2014 05:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application presentationhost.exe, version 4.0.40305.0, faulting module kernel32.dll, version 5.1.2600.6532, fault address 0x00012fd3.
    Processing media-specific event for [presentationhost.exe!ws!]

    Error: (11/18/2014 05:12:42 PM) (Source: MsiInstaller) (EventID: 1013) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25001: StandardAction(0xC00761A9): Installation cannot be done using this package, because a higher version of the product is already installed. Please either download and run the latest installation package or go to Start menu/Control Panel/Programs and Features (Add or Remove Programs) and run Change action on AVG product.

    Error: (11/17/2014 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (10/28/2014 05:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (10/28/2014 01:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


    System errors:
    =============
    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The System Restore Service service terminated with the following error:
    %%2

    Error: (11/20/2014 11:20:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The vToolbarUpdater18.1.9 service failed to start due to the following error:
    %%2

    Error: (11/20/2014 11:19:33 PM) (Source: SRService) (EventID: 104) (User: )
    Description: The System Restore initialization process failed.

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The ASUS Com Service service failed to start due to the following error:
    %%1053

    Error: (11/19/2014 03:18:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the ASUS Com Service service to connect.

    Error: (11/18/2014 06:09:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (11/18/2014 06:08:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

    Error: (11/18/2014 06:08:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The AVGIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).


    Microsoft Office Sessions:
    =========================
    Error: (11/20/2014 06:54:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (11/18/2014 06:29:31 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:51:58 PM) (Source: MsiInstaller) (EventID: 11706) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1706. SA_Error1706: StandardAction(0xC00706AA): An installation package for the product AVG 2014 cannot be found. Try the installation again using a valid copy of the installation package 'Avgx86.msi'.(NULL)(NULL)(NULL)(NULL)

    Error: (11/18/2014 05:22:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:22:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: presentationhost.exe4.0.40305.0kernel32.dll5.1.2600.653200012fd3

    Error: (11/18/2014 05:12:42 PM) (Source: MsiInstaller) (EventID: 1013) (User: DAZ-0E6916DD309)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- SA_Error25001: StandardAction(0xC00761A9): Installation cannot be done using this package, because a higher version of the product is already installed. Please either download and run the latest installation package or go to Start menu/Control Panel/Programs and Features (Add or Remove Programs) and run Change action on AVG product.(NULL)(NULL)(NULL)(NULL)

    Error: (11/17/2014 10:32:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

    Error: (10/28/2014 05:04:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

    Error: (10/28/2014 01:29:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8320 Eight-Core Processor
    Percentage of memory in use: 27%
    Total physical RAM: 2989.18 MB
    Available physical RAM: 2160.13 MB
    Total Pagefile: 4875.91 MB
    Available Pagefile: 4176.69 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1934.72 MB

    ==================== Drives ================================

    Drive c: (Win-xp-Home) (Fixed) (Total:746.5 GB) (Free:360.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive e: (Backup-S-500G) (Fixed) (Total:465.75 GB) (Free:75.62 GB) NTFS
    Drive f: (Downloads-S-500G) (Fixed) (Total:465.75 GB) (Free:52.78 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6F22CB51)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (Size: 465.8 GB) (Disk ID: EFD6AD91)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=OF Extended)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 2048 GB) (Disk ID: ABF5ABF5)
    Partition 1: (Active) - (Size=746.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  20. 2014/11/23
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    AdwCleaner log?
     
  21. 2014/11/23
    Dazzaboy

    Dazzaboy Inactive Thread Starter

    Joined:
    2014/11/18
    Messages:
    33
    Likes Received:
    0
    Sorry, so many logs, I lose track.

    # AdwCleaner v4.101 - Report created 22/11/2014 at 09:51:21
    # Updated 09/11/2014 by Xplode
    # Database : 2014-11-07.1 [Local]
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : DAZ - DAZ-0E6916DD309
    # Running from : C:\Documents and Settings\DAZ\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : vToolbarUpdater18.1.9

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Security Toolbar
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Documents and Settings\DAZ\Local Settings\Application Data\AVG SafeGuard toolbar

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Key Deleted : HKLM\SOFTWARE\Babylon
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IminentToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v39.0.2171.65

    [C:\Documents and Settings\DAZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [4685 octets] - [22/11/2014 09:48:10]
    AdwCleaner[S0].txt - [4712 octets] - [22/11/2014 09:51:21]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4772 octets] ##########
     
