[Jhazon]

I have an older model PC with WinXP and it had the latest AVG 2015 installed. However during a update last month, AVG has been acting up (my PC seems to reboot and when I come home from work, the error window indicated that it was AVG) so I decided to uninstall and reinstall. I went through the process but when I attempted to reinstall AVG, is keeps giving me and error. Even though AVG 2015 is no longer on the PC, I continue to receive an error say there is an error with vprot.exe and the error window is titled "AVG 2015". Does anyone know how to completely remove AVG?

 

I believe I will simply use AVG 9.0 for a while but would like to uninstall 2015 completely!

 

 

 

[Advertisements]

Hello and Welcome!

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient.

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one...

• Please note that you should have Administrator rights to perform any fixes.
   
• Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
   
• Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
   
• Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
   
• Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
   
• When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, let's get started...

First

• When did the issues first start happening?
• Take a look at the malware and spyware cleaning guide. 
• vprot.exe is part of the AVG Security Toolbar.  Have you tried uninstalling this package manually from Control Panel > Add/Remove Programs?
• AVG 9.0 is very outdated and will most likely offer you zero protection.

 
If you would like, let's make sure your system is clean first, and then I can provide some alternate suggestions for A/V software afterwards.
 
 
Second
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
• Make sure the Addition.txt check-box is checked.
  
• Press Scan button.
• It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
• Please copy and paste the contents of both of those logs back here.

[DanoNH]

Hello and Welcome!

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient.

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one...

• Please note that you should have Administrator rights to perform any fixes.
   
• Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
   
• Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
   
• Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
   
• Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
   
• When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

OK, let's get started...

First

• When did the issues first start happening?
• Take a look at the malware and spyware cleaning guide. 
• vprot.exe is part of the AVG Security Toolbar.  Have you tried uninstalling this package manually from Control Panel > Add/Remove Programs?
• AVG 9.0 is very outdated and will most likely offer you zero protection.

 
If you would like, let's make sure your system is clean first, and then I can provide some alternate suggestions for A/V software afterwards.
 
 
Second
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Right click on FRST on your Desktop and choose Run as Administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, if asked, click Yes to disclaimer.
• Make sure the Addition.txt check-box is checked.
  
• Press Scan button.
• It will produce two logs called FRST.txt and Addition.txt in the same directory the tool is run from.
• Please copy and paste the contents of both of those logs back here.

[Jhazon]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-06-2015
Ran by Jason (administrator) on OLDPC on 03-06-2015 19:30:07
Running from C:\Documents and Settings\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgchsvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgrsx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgcsrvx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTHELPER.EXE
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG9\avgtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BitTorrent Inc.) C:\Documents and Settings\Jason\Application Data\uTorrent\uTorrent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
(Hide My IP) C:\Program Files\Hide My IP 6\HideMyIpSrv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG9\avgnsx.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [CTHelper] => C:\WINDOWS\system32\CTHELPER.EXE [28672 2003-06-08] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [Jet Detection] => C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [28672 2001-11-29] ()
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM\...\Run: [Acrobat Assistant 7.0] => C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2008-04-23] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [MimBoot] => C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [11776 2005-05-10] (Musicmatch, Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [3033112 2015-05-04] ()
HKLM\...\Run: [AVG9_TRAY] => C:\Program Files\AVG\AVG9\avgtray.exe [2079792 2015-05-30] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11] (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll [2015-05-30] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\Run: [MSMSGS] => "C:\Program Files\Messenger\msmsgs.exe" /background
HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Documents and Settings\Jason\Application Data\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=fad843d0bd6d47d3b53dd144275b507f-06ce4fc639803a2e3563922518183d8e94088cb9 /CMPID=111 (the data entry has 2 more characters).
HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\MountPoints2: {cc31ceb7-8a77-11e2-b8a5-806d6172696f} - E:\setup.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-03-14]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Jason\Start Menu\Programs\Startup\µTorrent.lnk [2015-06-01]
ShortcutTarget: µTorrent.lnk -> C:\Documents and Settings\Jason\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1993962763-329068152-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charlottecounty.ca/acorns/
HKU\S-1-5-21-1993962763-329068152-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-329068152-1417001333-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG9\avgssie.dll [2015-05-30] (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.0.411\AVG Web TuneUp.dll [2015-05-04] (AVG)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1993962763-329068152-1417001333-1004 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18] (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartph...veX_Control.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2015-05-30] (AVG Technologies CZ, s.r.o.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\HMIPCore.dll [353280 2015-05-25] (Hide My IP)
Winsock: Catalog9 02 C:\WINDOWS\system32\HMIPCore.dll [353280 2015-05-25] (Hide My IP)
Winsock: Catalog9 18 C:\WINDOWS\system32\HMIPCore.dll [353280 2015-05-25] (Hide My IP)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.4.0\\npsitesafety.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2009-11-13] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [2009-11-13] (DivX, Inc)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-12]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-01]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-01]
CHR Extension: (YouTube) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-01]
CHR Extension: (Google Search) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-01]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Jason\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [602112 2010-02-11] (ATI Technologies Inc.) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] () [File not signed]
R2 avg9wd; C:\Program Files\AVG\AVG9\avgwdsvc.exe [308136 2015-05-30] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 HideMyIpSRV; C:\Program Files\Hide My IP 6\HideMyIpSRV.exe [4341760 2015-04-26] (Hide My IP) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-05] (Nero AG) [File not signed]
S3 NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [262144 2006-12-23] (Nero AG) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-07] () [File not signed]
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-04] (AVG Secure Search)
R2 WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-05-04] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [3565056 2010-02-11] (ATI Technologies Inc.) [File not signed]
S3 ATIAVAIW; C:\WINDOWS\System32\DRIVERS\atinavt2.sys [170496 2009-02-03] (ATI Technologies Inc.) [File not signed]
S3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [104960 2008-04-13] (ATI Technologies Inc.)
S3 ATITUNEP; C:\WINDOWS\System32\DRIVERS\atintuxx.sys [73216 2008-04-13] (ATI Technologies Inc.)
S3 ativraxx; C:\WINDOWS\System32\DRIVERS\atinraxx.sys [52224 2008-04-13] (ATI Technologies Inc.)
S3 ATIXSAudio; C:\WINDOWS\System32\DRIVERS\atinxsxx.sys [63488 2008-04-13] (ATI Technologies Inc.)
R1 AvgLdx86; C:\WINDOWS\System32\Drivers\avgldx86.sys [226016 2015-05-30] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [29712 2015-05-30] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\WINDOWS\System32\Drivers\avgtdix.sys [243152 2015-05-30] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 ctac32k; C:\WINDOWS\System32\drivers\ctac32k.sys [186068 2003-06-08] (Creative Technology Ltd) [File not signed]
S3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 ctprxy2k; C:\WINDOWS\System32\drivers\ctprxy2k.sys [6144 2003-06-08] (Creative Technology Ltd) [File not signed]
R3 ctsfm2k; C:\WINDOWS\System32\drivers\ctsfm2k.sys [136448 2003-06-08] (Creative Technology Ltd) [File not signed]
R3 emupia; C:\WINDOWS\System32\drivers\emupia2k.sys [116416 2003-06-08] (Creative Technology Ltd) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [819984 2003-06-08] (Creative Technology Ltd)
S3 hap16v2k; C:\WINDOWS\System32\drivers\hap16v2k.sys [135696 2003-06-08] (Creative Technology Ltd) [File not signed]
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2008-04-13] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2008-04-13] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-25] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2008-04-13] (ATI Technologies Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-03] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2008-04-13] (Conexant Systems, Inc.)
S0 cerc6; No ImagePath
S3 ctdvda2k; System32\drivers\ctdvda2k.sys [X]
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 19:30 - 2015-06-03 19:30 - 00019714 _____ C:\Documents and Settings\Jason\Desktop\FRST.txt
2015-06-03 19:29 - 2015-06-03 19:30 - 00000000 ____D C:\FRST
2015-06-03 19:29 - 2015-06-03 19:29 - 01147392 _____ (Farbar) C:\Documents and Settings\Jason\Desktop\FRST.exe
2015-06-03 16:39 - 2015-06-03 16:38 - 00094208 _____ C:\WINDOWS\Minidump\Mini060315-01.dmp
2015-06-01 22:46 - 2015-06-01 22:46 - 00000000 ____D C:\Program Files\GUM22.tmp
2015-05-30 15:47 - 2015-05-30 15:59 - 00226016 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2015-05-30 15:47 - 2015-05-30 15:47 - 00243152 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2015-05-30 15:47 - 2015-05-30 15:47 - 00029712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-05-30 15:47 - 2015-05-30 15:47 - 00012536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgrsstx.dll
2015-05-30 15:47 - 2015-05-30 15:47 - 00001507 _____ C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
2015-05-30 15:47 - 2015-05-30 15:47 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free 9.0
2015-05-30 15:46 - 2015-06-03 09:37 - 00000000 ____D C:\WINDOWS\system32\Drivers\Avg
2015-05-30 15:46 - 2015-05-30 15:46 - 00000000 ____D C:\Program Files\AVG
2015-05-30 15:46 - 2015-05-30 15:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\avg9
2015-05-30 11:30 - 2015-05-30 11:30 - 00000000 ____D C:\Documents and Settings\Jason\Local Settings\Application Data\Avg2015
2015-05-30 08:05 - 2015-05-30 08:05 - 00000000 ____D C:\Documents and Settings\Jason\Local Settings\Application Data\Avg
2015-05-25 17:16 - 2015-05-28 20:43 - 00002456 _____ C:\WINDOWS\system32\HideMyIpSRVOff.ini
2015-05-25 17:16 - 2015-05-25 17:16 - 00000710 _____ C:\Documents and Settings\Jason\Desktop\Hide My IP 6.lnk
2015-05-25 17:16 - 2015-05-25 17:16 - 00000000 ____D C:\Program Files\Hide My IP 6
2015-05-25 17:16 - 2015-05-25 17:16 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\HideMyIpSRV
2015-05-25 17:16 - 2015-05-25 17:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Hide My IP 6
2015-05-25 17:16 - 2015-04-26 14:38 - 00353280 _____ (Hide My IP) C:\WINDOWS\system32\HMIPCore.dll
2015-05-06 20:55 - 2015-05-06 20:55 - 00094208 _____ C:\WINDOWS\Minidump\Mini050615-02.dmp
2015-05-06 17:51 - 2015-05-06 17:51 - 00094208 _____ C:\WINDOWS\Minidump\Mini050615-01.dmp
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\AVG Web TuneUp
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\Jason\Local Settings\Application Data\AVG Web TuneUp
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\Jason\Application Data\AVG Web TuneUp
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Web TuneUp
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2015-05-04 11:40 - 2015-05-04 11:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2015-05-04 11:39 - 2015-05-04 11:40 - 00000000 ____D C:\Program Files\AVG Web TuneUp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 19:30 - 2013-03-14 20:29 - 00000000 ____D C:\Documents and Settings\Jason\Application Data\uTorrent
2015-06-03 19:30 - 2013-03-12 11:31 - 00000000 ____D C:\Documents and Settings\Jason\Local Settings\Temp
2015-06-03 18:46 - 2013-09-01 10:08 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 18:45 - 2013-03-13 11:30 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-03 16:41 - 2013-03-14 20:32 - 00000000 ____D C:\Torrents
2015-06-03 16:41 - 2013-03-12 10:39 - 01996776 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-03 16:39 - 2014-03-15 13:14 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-03 16:39 - 2013-09-01 10:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 16:39 - 2013-08-15 18:28 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-03 16:39 - 2013-03-13 11:36 - 00000000 ____D C:\Documents and Settings\Jason\Start Menu\Programs\CyberLink DVD Suite
2015-06-03 16:39 - 2013-03-12 10:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-03 16:39 - 2013-03-11 15:32 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-03 16:39 - 2013-03-11 15:32 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-06-03 16:39 - 2008-04-13 20:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-02 17:46 - 2013-03-12 10:44 - 00032436 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-02 01:50 - 2013-03-16 17:38 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2015-06-02 01:50 - 2013-03-16 17:38 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2015-06-02 01:50 - 2013-03-16 17:38 - 00000288 _____ C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000007-00001102-00000002-80671102}.dat
2015-06-02 01:50 - 2013-03-16 17:38 - 00000288 _____ C:\WINDOWS\system32\DVCState-{00000001-00000000-00000007-00001102-00000002-80671102}.dat
2015-06-02 01:37 - 2013-03-12 15:03 - 00327680 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-06-01 17:40 - 2013-03-14 20:33 - 00210432 _____ C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-30 14:28 - 2013-03-12 11:31 - 00000278 ___SH C:\Documents and Settings\Jason\ntuser.ini
2015-05-30 11:28 - 2013-03-12 17:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-05-30 11:22 - 2013-03-11 15:27 - 01058803 _____ C:\WINDOWS\setupapi.log
2015-05-29 22:56 - 2013-03-12 11:31 - 00000000 ____D C:\Documents and Settings\Jason
2015-05-29 22:29 - 2014-06-13 09:35 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-05-25 17:18 - 2014-06-13 09:36 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 17:49 - 2014-10-23 19:53 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 17:49 - 2014-06-13 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 17:10 - 2013-03-17 14:56 - 00000068 _____ C:\WINDOWS\E
2015-05-17 16:43 - 2014-06-27 18:20 - 00000000 ____D C:\Documents and Settings\Jason\My Documents\My Projects
2015-05-17 15:24 - 2013-03-14 20:30 - 00000000 ____D C:\Alpha
2015-05-13 18:56 - 2013-08-14 19:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-11 13:15 - 2013-04-21 19:54 - 00000000 ____D C:\Documents and Settings\Jason\Application Data\vlc
2015-05-08 15:00 - 2014-03-15 13:14 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2013-09-18 23:19 - 2013-10-25 16:38 - 0000154 _____ () C:\Documents and Settings\Jason\Application Data\Rim.Desktop.Exception.log
2013-09-18 23:07 - 2013-09-18 23:07 - 0001105 _____ () C:\Documents and Settings\Jason\Application Data\Rim.Desktop.HttpServerSetup.log
2013-09-18 23:19 - 2013-10-25 16:38 - 0000154 _____ () C:\Documents and Settings\Jason\Application Data\Rim.DesktopHelper.Exception.log
2013-03-14 20:33 - 2015-06-01 17:40 - 0210432 _____ () C:\Documents and Settings\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\Jason\Local Settings\Temp\BlackBerryDeviceManager.exe
C:\Documents and Settings\Jason\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Jason\Local Settings\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\Jason\Local Settings\Temp\vlc-2.0.8-win32.exe
C:\Documents and Settings\Jason\Local Settings\Temp\vlc-2.1.3-win32.exe
C:\Documents and Settings\Jason\Local Settings\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-06-2015
Ran by Jason at 2015-06-03 19:31:15
Running from C:\Documents and Settings\Jason\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1993962763-329068152-1417001333-500 - Administrator - Enabled)
Guest (S-1-5-21-1993962763-329068152-1417001333-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1993962763-329068152-1417001333-1000 - Limited - Disabled)
Jason (S-1-5-21-1993962763-329068152-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Jason
SUPPORT_388945a0 (S-1-5-21-1993962763-329068152-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29333 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
AC3Filter 1.63b (HKLM\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe Acrobat 7.1.0 Professional (HKLM\...\Adobe Acrobat 7.0 Professional - V) (Version: 7.1.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0210.2338 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.593.100-100210a-095952E-ATI - )
AVG Free 9.0 (HKLM\...\AVG9Uninstall) (Version:  - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BulletProof FTP (HKLM\...\BulletProof FTP) (Version:  - )
ccc-core-preinstall (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
CEF Names 4.1.0 (HKLM\...\CEF Names) (Version: 4.1.0 - Adler House Software)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.41 - DivX, LLC)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.368 - Ancestry.com) Hidden
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hide My IP 6 (HKLM\...\HIDEMYIP_is1) (Version:  - My Privacy Tools, Inc)
HomeSite 4.0 (HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\HomeSite 4.0) (Version:  - )
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{F4B1B985-F308-4DBA-BFD7-CCCB8839234B}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1000 J110 series Help (HKLM\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Photo and Imaging 2.2 - Scanjet 3970 Series (HKLM\...\{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}) (Version: 2.2.0000 - {&Tahoma8}Hewlett-Packard)
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.4330.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Musicmatch® Jukebox (HKLM\...\{85D3CC30-8859-481A-9654-FD9B74310BEF}) (Version: 10.00.3030 - )
Nero 7 Essentials (HKLM\...\{AAB93551-3FFE-42B2-8315-96252BBC1033}) (Version: 7.02.4861 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Sound Blaster Live! (HKLM\...\{9115E7DB-3B29-445A-802D-11E0AA945B7F}) (Version:  - )
Spell Checker For OE 2.1 (HKLM\...\Spell Checker For OE 2.1) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1993962763-329068152-1417001333-1004\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xilisoft Video Converter 3 (HKLM\...\Xilisoft Video Converter) (Version: 3.1.52.0124b - Xilisoft)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

24-04-2015 10:58:53 System Checkpoint
24-04-2015 12:28:37 System Checkpoint
25-04-2015 12:43:38 System Checkpoint
25-04-2015 23:17:24 Installed AVG 2015
25-04-2015 23:17:47 Removed AVG 2014
25-04-2015 23:18:50 Installed AVG 2015
25-04-2015 23:23:07 Removed AVG 2014
26-04-2015 23:30:55 System Checkpoint
27-04-2015 23:59:14 System Checkpoint
29-04-2015 00:12:13 System Checkpoint
30-04-2015 00:45:42 System Checkpoint
01-05-2015 01:45:42 System Checkpoint
02-05-2015 02:45:43 System Checkpoint
03-05-2015 03:45:42 System Checkpoint
04-05-2015 04:45:42 System Checkpoint
05-05-2015 05:45:43 System Checkpoint
06-05-2015 06:40:33 System Checkpoint
07-05-2015 07:00:42 System Checkpoint
08-05-2015 08:00:44 System Checkpoint
09-05-2015 10:14:47 System Checkpoint
10-05-2015 11:15:06 System Checkpoint
11-05-2015 11:59:30 System Checkpoint
12-05-2015 12:59:30 System Checkpoint
13-05-2015 03:00:38 Software Distribution Service 3.0
13-05-2015 18:44:41 Software Distribution Service 3.0
14-05-2015 18:59:30 System Checkpoint
16-05-2015 09:38:34 System Checkpoint
17-05-2015 10:15:27 System Checkpoint
18-05-2015 10:19:08 System Checkpoint
19-05-2015 10:23:03 System Checkpoint
20-05-2015 11:23:04 System Checkpoint
21-05-2015 12:23:03 System Checkpoint
22-05-2015 13:23:04 System Checkpoint
23-05-2015 14:22:50 System Checkpoint
24-05-2015 15:22:50 System Checkpoint
25-05-2015 16:22:50 System Checkpoint
26-05-2015 17:25:08 System Checkpoint
27-05-2015 18:22:51 System Checkpoint
28-05-2015 19:23:56 System Checkpoint
29-05-2015 23:32:53 System Checkpoint
30-05-2015 11:21:06 Removed AVG 2015
30-05-2015 11:22:44 Removed AVG 2015
30-05-2015 15:46:42 Installed AVG Free 9.0
30-05-2015 15:48:08 Avg Update
30-05-2015 15:59:41 Avg Update
30-05-2015 16:01:09 Avg Update
31-05-2015 16:59:19 System Checkpoint
01-06-2015 17:09:36 System Checkpoint
02-06-2015 18:27:57 System Checkpoint
03-06-2015 18:43:26 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-13 20:00 - 2008-04-13 20:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-04 11:39 - 2015-05-04 11:39 - 00620056 ____N () C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
2013-01-28 13:08 - 2013-01-28 13:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 13:08 - 2013-01-28 13:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2002-04-17 10:49 - 2002-04-17 10:49 - 00024576 _____ () C:\Program Files\HP\HP Share-to-Web\hpgs2wnfps.dll
2013-03-12 15:01 - 2013-03-12 15:01 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-11-24 14:36 - 2009-11-24 14:36 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2002-04-17 10:49 - 2002-04-17 10:49 - 00077824 _____ () C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
2008-04-13 20:00 - 2008-04-13 20:00 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2013-08-11 15:01 - 2005-04-11 13:31 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\mmgit.dll
2013-08-11 15:01 - 2005-05-10 16:04 - 00118784 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll
2013-03-13 11:36 - 2005-08-07 09:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2015-05-04 11:40 - 2015-05-04 11:39 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
2015-05-04 11:40 - 2015-05-04 11:39 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\log4cplusU.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HideMyIpSRV => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1993962763-329068152-1417001333-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe] => :LocalSubNet:Enabled:HP Device Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Jason\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Torrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe] => Enabled:BlackBerry Desktop Software
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgupd.exe] => Enabled:avgupd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG9\avgnsx.exe] => Enabled:avgnsx.exe
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [465:TCP] => Enabled:Email
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [4481:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
StandardProfile\GloballyOpenPorts: [4481:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
StandardProfile\GloballyOpenPorts: [4482:TCP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
StandardProfile\GloballyOpenPorts: [4482:UDP] => :LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

==================== Faulty Device Manager Devices =============

Name: ATI T200 Unified AVStream Driver
Description: ATI T200 Unified AVStream Driver
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: ATI Technologies
Service: ATIAVAIW
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 07:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 07:10:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 06:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 06:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 06:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 06:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 05:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 05:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

Error: (06/03/2015 05:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgcmgr.exe, version 9.0.0.832, faulting module avgcmgr.exe, version 9.0.0.832, fault address 0x00002a1a.
Processing media-specific event for [avgcmgr.exe!ws!]

System errors:
=============
Error: (06/03/2015 10:30:53 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/03/2015 10:30:02 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/03/2015 10:29:26 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/02/2015 01:51:30 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.16 for the Network Card with network address 000D61BFB98C has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/01/2015 09:54:55 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.11 for the Network Card with network address 000D61BFB98C has been
denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

Error: (06/01/2015 05:54:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SSDP Discovery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/01/2015 05:54:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/30/2015 08:26:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Blackberry Device Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/30/2015 03:47:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/30/2015 02:27:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HideMyIpSRV service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (06/03/2015 07:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 07:10:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 06:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 06:40:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 06:25:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 06:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 05:55:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 05:40:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 05:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

Error: (06/03/2015 05:10:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgcmgr.exe9.0.0.832avgcmgr.exe9.0.0.83200002a1a

==================== Memory info ===========================

Processor: AMD Athlon™ XP 2500+
Percentage of memory in use: 21%
Total physical RAM: 3071.48 MB
Available physical RAM: 2422.04 MB
Total Pagefile: 5987.63 MB
Available Pagefile: 5243.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.78 GB) (Free:31.22 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Slave) (Fixed) (Total:465.76 GB) (Free:185.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 96149614)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: B4EEA180)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of log ============================

[Jhazon]

_{Here are a couple of the errors that randomly pop up on my screen...}

 

[Jhazon]

[DanoNH]

Hello Jhazon,
 
First things first...
 
P2P Software Warning:
It seems you have uTorrent P2P software installed.  While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.  Some of this malware is Ransomware which encrypts user files for ransom with a time limit. 

 

Pretty nasty stuff.

Besides installing malware,  the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.
 
In your case, this can be even worse if your Anti-Virus is crashing or not properly protecting you.

If you do decide to keep any P2P programs, please uninstall them or disable and keep from using them until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

• US Gov. CERT: Risks of File Sharing Technology
• 2010: The Year of P2P Vulnerabilities
• Risks of P2P file sharing
• File sharing infects 500,000 computers

 

Now...
 

_{Here are a couple of the errors that randomly pop up on my screen...}
 

OK, this error is coming from your currently installed AVG 9.0.
 

This is the AVG Security Toolbar crashing.    I don't see it in your list of installed programs, but it is certainly in your logs, and I can help you with this.

 

 
While I work to finish up a plan for your system, could you please answer these questions for me?

• AVG 9.0 isn't available on the AVG web site, or from any legitimate sources I saw (upon a quick search).  All I could find on their site was a page dated 2013 with the license agreement on it, and no download links.  As best as I can tell, it is very outdated.  Why are you interested in running it?
• There are other Free Anti-Virus programs out there which are as good, if not better than AVG.  I run Avast! Free myself.  Would you consider running a different Anti-Virus software?

As previously requested, please don't make any system changes without me asking you to until we're finished here and I tell you the system is clean. 
 
Let me know the answers to these questions and confirm that you have either disabled or uninstalled uTorrent, and I'll be back with some steps for you.

[Jhazon]

answers: 1) I previously thought running an older version of AVG would offer some protection, but I guess that was being naïve. 2) yes, I would be open to a new anti-virus but AVG has been good to me up to this point. 

 

I will uninstall the P2P.

[DanoNH]

answers: 1) I previously thought running an older version of AVG would offer some protection, but I guess that was being naïve. 2) yes, I would be open to a new anti-virus but AVG has been good to me up to this point.

At the end of the day, as long as you run some active real-time protection, you should be OK.   It's your choice, so if you want to stay with AVG there are no problems with that.  If you do decide to give Avast! a try, just make sure you completely uninstall AVG first and reboot before installing another Anti-Virus.  You don't want 2 running at the same time. 

 

 

I will uninstall the P2P.

 

 

I will be back, thanks for your patience.

[DanoNH]

Hello Jhazon,

We are going to uninstall AVG completely, then run their cleanup tool on your system. If you want to try re-installing a current version of AVG that's fine, although my suggestion would be Avast! Free for the Web Shield and Browser Cleanup features.

Are you ready? Let's go...


First
Programs uninstall

Go to the Control Panel >Add/Remove Programs, and uninstall the following programs:

• AVG Free 9.0
• AVG Web TuneUp

Second
Download and run the AVG Removal Tool

• Download the AVG Removal Tool to your Desktop: 32-bit version | 64-bit version
• Right-click on the file and select "Run as adminstrator..."
• Follow the prompts to run the tool
• Reboot afterwards if not prompted to do so.
• See this page for more information: http://www.avg.com/ww-en/utilities
  
  Post the removal tool log in a reply.

You may now install Avast! Home Edition, AVG Free Anti-virus or whatever other free Anti-Virus program of your choosing.

Third
Run a FRST Fix

• Download the attached fixlist.txt file and save it to the Desktop ->  fixlist.txt   1.13KB   197 downloads
  
  (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)
  
  Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
• Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Fourth
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

• Shut down your protection software now to avoid potential conflicts. See here for more information.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Fifth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• XP users: Double click the AdwCleaner icon to start the program.
• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
• Do not click the Cleaning button.
• Click the Logfile button to get the log.
• Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
• Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

• AVG Removal log
• FRST fixlist log
• JRT log
• AdwCleaner Scan log

And let me know what Anti-Virus you decided on.

[DanoNH]

In case you're wondering, you need the 32-bit version of the AVG removal tool, not the 64-bit one.  Sorry for any confusion there. 

[Jhazon]

I am unable to paste the AVG removal log... browser keeps freezing! I tried both IE and Chrome.

Edited by Jhazon, 04 June 2015 - 06:15 PM.

[DanoNH]

Just to confirm, you did reboot after running the removal tool, correct?

 

Did you see any error messages during the process?

 

We don't normally ask for this, but in this case can you attach the AVG log instead?

[Jhazon]

Yes, I complete a reboot, there were no error messages.

 

Update: I attempted to "attach" the log file to this post, but it does not seem to work.

Edited by Jhazon, 05 June 2015 - 06:23 AM.

[Jhazon]

Attached: avgremover.log

Attached Files

•  avgremover.log   589.97KB   181 downloads

[Jhazon]

Junkware Removal Tool: JRT does not create a file on my desktop.... it "create a registry backup" and then "checking startup".... then it will close itself. Nothing further.