Inactive Blank desktop ?

Leave Combofix alone unless I ask you to run it.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by SYSTEM on 18-07-2013 09:13:27
Running from E:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-24] ( )
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-04-27] (Synaptics, Inc.)
HKLM\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-08-28] (Creative Technology Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] - "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [77824 2007-10-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [DELL Webcam Manager] - "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [ISUSScheduler] - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [RoxWatchTray] - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [PCMService] - "C:\Program Files\Dell\MediaDirect\PCMService.exe" [184320 2007-04-16] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] - c:\dell\dsca.exe 3 [16384 2007-07-30] ( )
HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2010-07-24] (Google)
HKLM\...\Run: [FaxCenterServer] - "C:\Program Files\Dell Fax Solutions\fm3032.exe" /s [312200 2006-11-03] ()
HKLM\...\Run: [TalkTalk] - "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk [202016 2007-10-12] (SupportSoft, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Google Updater] - "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-09-20] (Google)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SigmatelSysTrayApp] - sttray.exe [x]
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-05-15] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8429568 2007-05-15] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [81920 2007-05-15] (NVIDIA Corporation)
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [67584 2007-05-15] (NVIDIA Corporation)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [NielsenOnline] - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [93504 2012-02-23] (The Nielsen Company)
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [DLCGCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16 [73728 2006-10-20] ()
HKLM\...\Run: [dlcgmon.exe] - "C:\Program Files\Dell AIO 810\dlcgmon.exe" [431600 2007-01-12] (Dell)
HKU\Default\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
HKU\Lienne\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
HKU\Lienne\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [ 2007-07-10] (SupportSoft, Inc.)
HKU\Lienne\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-18] (Microsoft Corporation)
HKU\Lienne\...\Run: [KGShareApp] - C:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe [ 2012-06-26] (Eastman Kodak Company)
HKU\Lienne\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-18] (Microsoft Corporation)
HKU\TEMP\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup [ 2007-03-15] (Gteko Ltd.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-07] ( )
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] ()
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-24] (Google)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2833120 2013-04-19] ()
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [374112 2010-11-11] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Ralink\Common\RaMediaServer.exe [619872 2010-12-31] ()
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [202800 2007-07-10] (SupportSoft, Inc.)
S2 sprtsvc_TalkTalk; C:\Program Files\TalkTalk\bin\sprtsvc.exe [202016 2007-10-12] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\system32\STacSV.exe [90112 2007-03-06] (SigmaTel, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe [382320 2007-08-02] (SupportSoft, Inc.)
S2 tgsrvc_TalkTalk; C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe [148768 2007-08-02] (SupportSoft, Inc.)
S2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [x]
S3 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [x]

==================== Drivers (Whitelisted) ====================

S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-21] (AVG Technologies)
S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1093472 2010-12-28] (Ralink Technology Corp.)
S1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter4\nnfwdk.sys [23264 2013-04-19] (The Nielsen Company)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [323584 2007-03-06] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\Users\Lienne\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 TrueSight; \??\C:\Windows\system32\TrueSight.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-13 23:43 - 2013-07-13 23:43 - 00017305 _____ C:\Users\Lienne\Desktop\Addition.txt
2013-07-13 23:41 - 2013-07-13 23:41 - 00000000 ____D C:\FRST
2013-07-13 23:09 - 2013-07-13 23:09 - 00010276 _____ C:\ComboFix.txt
2013-07-13 13:32 - 2013-07-13 09:50 - 05088600 ____R (Swearware) C:\Users\Lienne\Desktop\ComboFix.exe
2013-07-13 13:31 - 2013-07-13 13:31 - 00000000 ____D C:\Users\Lienne\AppData\Local\Avg2013
2013-07-13 10:33 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-13 10:33 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-13 10:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-13 10:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-13 10:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-13 10:33 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-13 10:33 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-13 10:33 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-13 10:27 - 2013-07-13 23:09 - 00000000 ____D C:\Qoobox
2013-07-13 10:27 - 2013-07-13 10:50 - 00000000 ____D C:\Windows\erdnt
2013-07-12 20:01 - 2013-07-12 20:01 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-11 07:04 - 2013-07-11 07:04 - 00001644 _____ C:\avenger.txt
2013-07-11 06:37 - 2013-04-04 05:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-07-09 07:43 - 2013-07-09 07:43 - 00000591 _____ C:\Windows\setupact.log
2013-07-09 07:43 - 2013-07-09 07:43 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-07-15 06:51 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 06:51 - 2006-11-02 04:47 - 00003568 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 01:06 - 2007-10-16 09:25 - 02051504 _____ C:\Windows\WindowsUpdate.log
2013-07-14 23:28 - 2007-10-22 08:51 - 00000000 ___RD C:\Users\Lienne\Desktop
2013-07-14 23:06 - 2006-11-02 02:33 - 00703388 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-14 23:04 - 2007-10-23 04:04 - 00027430 _____ C:\Users\Lienne\AppData\Roaming\nvModes.001
2013-07-13 23:43 - 2013-07-13 23:43 - 00017305 _____ C:\Users\Lienne\Desktop\Addition.txt
2013-07-13 23:42 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-07-13 23:41 - 2013-07-13 23:41 - 00000000 ____D C:\FRST
2013-07-13 23:21 - 2007-10-22 08:47 - 00096974 _____ C:\Windows\PFRO.log
2013-07-13 23:09 - 2013-07-13 23:09 - 00010276 _____ C:\ComboFix.txt
2013-07-13 23:09 - 2013-07-13 10:27 - 00000000 ____D C:\Qoobox
2013-07-13 23:06 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2013-07-13 13:54 - 2009-05-21 08:13 - 00000000 ____D C:\Program Files\AVG
2013-07-13 13:31 - 2013-07-13 13:31 - 00000000 ____D C:\Users\Lienne\AppData\Local\Avg2013
2013-07-13 13:31 - 2013-04-02 08:33 - 00000000 ____D C:\ProgramData\MFAData
2013-07-13 13:31 - 2009-07-19 09:03 - 00000000 ____D C:\ProgramData\Norton
2013-07-13 13:31 - 2007-11-07 03:30 - 00000000 ____D C:\Program Files\Norton Security Scan
2013-07-13 13:31 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-13 13:31 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-13 10:50 - 2013-07-13 10:27 - 00000000 ____D C:\Windows\erdnt
2013-07-13 09:50 - 2013-07-13 13:32 - 05088600 ____R (Swearware) C:\Users\Lienne\Desktop\ComboFix.exe
2013-07-13 01:44 - 2007-10-22 12:09 - 00023870 _____ C:\dlcg.log
2013-07-12 20:01 - 2013-07-12 20:01 - 00000908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-12 20:01 - 2013-06-12 12:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-12 19:56 - 2008-02-17 10:30 - 00008268 _____ C:\Users\Lienne\AppData\Local\d3d9caps.dat
2013-07-11 07:04 - 2013-07-11 07:04 - 00001644 _____ C:\avenger.txt
2013-07-09 08:41 - 2007-10-16 17:01 - 00000000 ____D C:\DELL
2013-07-09 07:43 - 2013-07-09 07:43 - 00000591 _____ C:\Windows\setupact.log
2013-07-09 07:43 - 2013-07-09 07:43 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 20:42 - 2007-10-22 08:51 - 00000000 ____D C:\users\Lienne
2013-07-08 20:42 - 2006-11-02 02:22 - 42729472 _____ C:\Windows\System32\config\software_previous
2013-07-08 20:41 - 2013-04-17 03:55 - 00000000 ____D C:\Program Files\Dell AIO 810
2013-07-08 20:41 - 2008-10-13 11:16 - 00000000 ____D C:\Windows\Minidump
2013-07-08 20:41 - 2007-10-22 09:34 - 00000000 ____D C:\Program Files\MSN Messenger
2013-07-08 20:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-07-08 20:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-07-08 20:41 - 2006-11-02 02:22 - 20447232 _____ C:\Windows\System32\config\system_previous
2013-07-08 20:31 - 2006-11-02 02:22 - 40108032 _____ C:\Windows\System32\config\components_previous
2013-07-08 20:31 - 2006-11-02 02:22 - 00057344 _____ C:\Windows\System32\config\sam_previous

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 1021.57 MB
Available physical RAM: 800.95 MB
Total Pagefile: 986.54 MB
Available Pagefile: 859.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:99.18 GB) (Free:32.43 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (CDROM) (CDROM) (Total:0.1 GB) (Free:0 GB) CDFS
Drive e: (SONY USB) (Removable) (Total:0.12 GB) (Free:0.02 GB) FAT
Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:3.64 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 124 MB) (Disk ID: A2F07B3A)
Partition 1: (Active) - (Size=124 MB) - (Type=06)


LastRegBack: 2013-07-15 23:22

==================== End Of Log ============================
 
Hi, sorry for the delay. The McAfee uninstaller was unsuccessful, and it won't let me save the log. Or copy it, or in fact do anything at all once the log has been created, it literally just freezes every time.
 
Sorry, I thought I had replied but apparently it didn't post. I said I wasn't sure about the AVG remover, it ran but then entirely disappeared, didn't give me any messages about being successful or not and did not post a log anywhere.
 
ComboFix 13-07-31.02 - Lienne 31/07/2013 21:25:02.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1021.531 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-31 )))))))))))))))))))))))))))))))
.
.
2013-07-14 07:41 . 2013-07-14 07:41 -------- d-----w- C:\FRST
2013-07-13 21:31 . 2013-07-13 21:31 -------- d-----w- c:\users\Lienne\AppData\Local\Avg2013
2013-07-11 14:37 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 11:10 . 2012-11-16 16:04 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2010-07-24 17:58 . 2010-07-24 17:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 198704]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 857648]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-29 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-10-16 77824]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-24 30192]
"FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-11-04 312200]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-20 161336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-06 303104]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-16 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-16 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-05-16 67584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2012-02-24 93504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-16 50688]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-10-30 282624]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe -s [2012-10-24 11474272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 18:08]
.
2013-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-03 10:22]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-24 19:24]
.
2013-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-24 19:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-31 21:33
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-07-31 21:36:53
ComboFix-quarantined-files.txt 2013-07-31 20:36
ComboFix2.txt 2013-07-14 07:09
ComboFix3.txt 2013-07-13 23:19
ComboFix4.txt 2013-07-13 22:45
ComboFix5.txt 2013-07-31 20:21
.
Pre-Run: 36,031,967,232 bytes free
Post-Run: 35,997,032,448 bytes free
.
- - End Of File - - D82B17F925EBB19D4F08A0ABB3DF81B7
5C616939100B85E558DA92B899A0FC36
 
After running ComboFix I am able to boot normally just once. Then it crashes and I have to go through safe mode again.
 
At this point I don't see anything malicious there anymore.

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 