Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2015
Ran by home (administrator) on ACER-D928810BF0 (13-08-2015 15:06:57)
Running from C:\Documents and Settings\home\My Documents\Downloads
Loaded Profiles: home (Available Profiles: home & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\WBEM\unsecapp.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ePower_DMC] => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888 2006-05-30] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27] (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://ca.yahoo.com
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3344879686-2638717043-3166630987-1005 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F9660150-E81B-42D0-850D-AF7A2B5B319A}: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: https://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-07] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-22]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-04-27] () [File not signed]
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-04-27] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-04-27] (Cyberlink) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-02-17] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2009-04-11] (Oak Technology Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-05-10] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-05-24] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-05-24] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-05-24] (ENE Technology Inc.)
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208384 2006-06-12] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-06-12] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-06-20] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
R2 tvicport; C:\WINDOWS\system32\drivers\tvicport.sys [14544 2006-06-02] (EnTech Taiwan) [File not signed]
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2006-06-02] (Zeal SoftStudio) [File not signed]
S3 btaudio; system32\drivers\btaudio.sys [X]
S3 BTDriver; system32\DRIVERS\btport.sys [X]
S3 BTKRNL; system32\DRIVERS\btkrnl.sys [X]
S3 BTWDNDIS; system32\DRIVERS\btwdndis.sys [X]
S2 eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys [X]
S2 eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 15:06 - 2015-08-13 15:06 - 00000000 ____D C:\FRST
2015-08-12 14:04 - 2015-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 14:04 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Documents and Settings\All Users\Desktop\Post Win10 Spybot-install.exe
2015-08-12 13:52 - 2015-08-13 00:20 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-08-12 13:52 - 2015-08-12 13:52 - 00001750 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-12 13:52 - 2015-08-12 13:52 - 00001744 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-12 13:52 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-08-12 13:45 - 2015-08-12 13:45 - 00001243 _____ C:\Documents and Settings\home\My Documents\malware scan.xml
2015-08-09 22:35 - 2015-08-09 22:35 - 00011014 _____ C:\Documents and Settings\home\My Documents\cc_20150809_223527.reg
2015-08-09 22:33 - 2015-08-09 22:33 - 00008192 ___SH C:\WINDOWS\Thumbs.db
2015-08-09 22:33 - 2015-08-09 22:33 - 00003072 ___SH C:\Thumbs.db
2015-08-09 22:21 - 2015-08-09 22:21 - 00000390 _____ C:\Documents and Settings\home\My Documents\cc_20150809_222115.reg
2015-08-09 22:20 - 2015-08-09 22:20 - 00014538 _____ C:\Documents and Settings\home\My Documents\cc_20150809_222024.reg
2015-08-09 21:51 - 2015-08-09 21:51 - 00005914 _____ C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
2015-08-09 14:05 - 2015-08-09 14:05 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-08 09:18 - 2015-08-08 09:18 - 00000482 _____ C:\Documents and Settings\home\My Documents\cc_20150808_091805.reg
2015-08-08 09:14 - 2015-08-08 09:14 - 00710542 _____ C:\Documents and Settings\home\My Documents\cc_20150808_091414.reg
2015-08-07 19:59 - 2015-08-09 22:33 - 00003584 _____ C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 19:57 - 2015-08-07 19:57 - 00000614 _____ C:\Documents and Settings\home\Desktop\PhotoScape.lnk
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Program Files\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\home\Application Data\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
2015-08-07 19:30 - 2015-08-07 19:30 - 00000000 ____D C:\Documents and Settings\home\Application Data\AVG2015
2015-08-07 19:29 - 2015-08-07 19:29 - 00000610 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ___HD C:\$AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-08-07 19:27 - 2015-08-07 19:27 - 00000029 _____ C:\Documents and Settings\home\My Documents\avg code.txt
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\MFAData
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-07 19:25 - 2015-08-07 19:26 - 00047762 _____ C:\Documents and Settings\home\My Documents\cc_20150807_192555.reg
2015-08-07 18:36 - 2015-08-09 22:15 - 00315928 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-07 18:23 - 2015-08-07 18:23 - 00005285 _____ C:\Documents and Settings\home\My Documents\fido conversation.txt
2015-08-07 18:05 - 2015-08-07 18:05 - 00000677 _____ C:\Documents and Settings\home\My Documents\New Fido.txt
2015-08-07 17:28 - 2015-08-07 17:29 - 01226962 _____ C:\Documents and Settings\home\My Documents\sys info.nfo
2015-08-07 16:16 - 2015-08-07 16:16 - 00000000 ____D C:\Documents and Settings\home\My Documents\Extracted Files
2015-08-07 15:44 - 2015-08-07 15:44 - 00070677 _____ C:\Documents and Settings\home\My Documents\overview windows.mht
2015-08-07 15:42 - 2015-08-07 15:42 - 00070677 _____ C:\Documents and Settings\home\My Documents\windows 7 update.mht
2015-08-07 15:39 - 2015-08-07 15:39 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00001770 _____ C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\WINDOWS\Performance
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Corporation
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\home\Application Data\Foxit Software
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2015-08-07 15:30 - 2015-08-07 15:30 - 00000000 ____D C:\Program Files\Foxit Software
2015-08-07 15:06 - 2015-08-07 15:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-07 15:05 - 2015-08-07 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-08-07 12:18 - 2015-08-07 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-08-07 12:12 - 2015-08-07 12:13 - 00004898 _____ C:\Documents and Settings\home\My Documents\cc_20150807_121250.reg
2015-08-06 20:24 - 2015-08-06 20:25 - 00001422 _____ C:\Documents and Settings\home\My Documents\cc_20150806_202455.reg
2015-08-06 20:18 - 2015-08-06 20:18 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\AvgSetupLog
2015-08-06 19:25 - 2015-08-06 19:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-06 18:50 - 2015-08-06 18:50 - 00018958 _____ C:\Documents and Settings\home\My Documents\cc_20150806_185015.reg
2015-08-06 18:13 - 2015-08-06 18:13 - 00023482 _____ C:\Documents and Settings\home\My Documents\duplicate.txt
2015-08-06 18:03 - 2015-08-12 13:28 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-06 18:03 - 2015-08-06 18:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-06 18:03 - 2015-08-06 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-06 18:03 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-06 17:47 - 2015-08-06 17:47 - 00000696 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 17:47 - 2015-08-06 17:47 - 00000000 __SHD C:\Documents and Settings\Donna\IETldCache
2015-08-06 17:47 - 2008-04-13 16:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-08-06 17:46 - 2015-08-06 17:57 - 00000178 ___SH C:\Documents and Settings\Donna\ntuser.ini
2015-08-06 17:46 - 2015-08-06 17:47 - 00000711 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Internet Explorer.lnk
2015-08-06 17:46 - 2015-08-06 17:47 - 00000646 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Outlook Express.lnk
2015-08-06 17:46 - 2015-08-06 17:46 - 00000000 ____D C:\Documents and Settings\Donna
2015-08-06 17:46 - 2014-03-13 09:49 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\TuneUp Software
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 14:50 - 00034232 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:46 - 2006-06-20 13:50 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Acer Arcade
2015-08-06 17:46 - 2006-06-20 13:41 - 00000136 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:26 - 00001507 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Remote Assistance.lnk
2015-08-06 17:46 - 2006-06-20 13:24 - 00000000 ___RD C:\Documents and Settings\Donna\Start Menu\Programs\Accessories
2015-08-06 17:46 - 2006-06-20 13:18 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Temp
2015-08-06 17:43 - 2015-08-06 17:43 - 00103400 _____ C:\Documents and Settings\home\My Documents\cc_20150806_174302.reg
2015-08-06 17:43 - 2015-08-06 17:43 - 00000516 _____ C:\Documents and Settings\home\My Documents\cc_20150806_174326.reg
2015-08-06 15:19 - 2015-08-06 15:19 - 00010364 _____ C:\Documents and Settings\home\My Documents\cc_20150806_151939.reg
2015-08-06 15:06 - 2015-08-09 13:50 - 00008704 ___SH C:\Documents and Settings\home\My Documents\Thumbs.db
2015-08-06 15:01 - 2015-08-06 15:01 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg
2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-13 15:07 - 2014-01-21 12:33 - 01063348 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 14:53 - 2014-01-21 10:42 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job
2015-08-13 13:18 - 2014-01-21 12:34 - 00000159 ____N C:\WINDOWS\wiadebug.log
2015-08-13 13:18 - 2006-06-20 15:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-13 13:17 - 2006-06-20 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-13 03:56 - 2014-01-21 12:34 - 00032472 ____N C:\WINDOWS\SchedLgU.Txt
2015-08-13 03:56 - 2014-01-21 12:34 - 00000049 ____N C:\WINDOWS\wiaservc.log
2015-08-13 03:56 - 2008-11-12 18:49 - 00000178 ___SH C:\Documents and Settings\home\ntuser.ini
2015-08-13 00:20 - 2006-06-20 14:07 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-08-09 14:05 - 2006-06-20 13:51 - 00513338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 19:21 - 2009-04-05 16:37 - 00009904 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-07 15:09 - 2014-01-22 09:59 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-07 15:09 - 2014-01-22 09:59 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-08-06 18:54 - 2014-01-27 16:13 - 00040480 _____ C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 18:52 - 2006-06-20 14:49 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 17:47 - 2006-06-20 14:50 - 00045184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:29 - 2014-01-21 12:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-06 15:16 - 2008-12-24 23:10 - 00002473 _____ C:\Documents and Settings\home\Desktop\Microsoft Word (2).lnk

==================== Files in the root of some directories =======

2014-01-21 12:34 - 2014-01-21 12:34 - 0000127 _____ () C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
2015-08-07 19:59 - 2015-08-09 22:33 - 0003584 _____ () C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-09 21:51 - 2015-08-09 21:51 - 0005914 _____ () C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================