
Malware or AVG antivirus Update Issue Win XP 32bit [Solved]



#1
dbrupp


Hello Good People of Geeks2Go,

This morning when I turned on my laptop, I noticed navigation was a bit slow, but at the same time I saw that my free AVG 2015 antivirus was updating, so I suspected that as the culprit. After AVG updated, a dialogue box popped up stating my laptop needed to be restarted. After restarting my laptop, my Windows startup page showed up, but then instead of going to my desktop, my screen stayed black.

I am able to boot in SAFE MODE and was able to access your site and the Farbar scan tool from SAFE MODE using my Mozilla Firefox browser which is the only browser that I use (I have IE browser, but never use it).

I'm questioning whether AVG caused the problems that I'm having or if I have malware causing the problem.

When you have a moment, will you kindly take a look at the logs that I ran from SAFE mode and let me know if you suspect malware and how I can eradicate it.  Thank you very much.

-

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by Owner (administrator) on OWNER-D67H3 on 22-06-2015 19:41:26
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1228800 2007-07-20] (Dell Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [30024 2011-12-27] (Sage Software, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-01-11] (ATI Technologies Inc.)
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-18] (SUPERAntiSpyware)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-02-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> DefaultScope {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24] (AVG Technologies CZ, s.r.o.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4arxvch.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-08] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-20] (Oracle Corporation)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
S2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] ()
S3 Peachtree SmartPosting 2012; C:\Program Files\Sage Software\Peachtree\SmartPostingService2012.exe [43848 2011-12-27] (Sage Software, Inc.)
S2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-04-07] (Pervasive Software Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [564224 2006-06-26] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-10] (MK Systems CO., LTD.) [File not signed]
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 19:34 - 2015-06-22 19:41 - 00000000 ____D C:\FRST
2015-06-22 19:13 - 2015-06-22 19:13 - 00000000 ____D C:\WINDOWS\CSC
2015-06-22 08:38 - 2015-06-22 08:38 - 00000060 _____ C:\WINDOWS\setupact.log
2015-06-22 08:38 - 2015-06-22 08:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-17 09:52 - 2015-06-17 09:52 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2015-06-17 09:49 - 2015-06-22 18:54 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job
2015-06-17 09:49 - 2015-06-19 09:54 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job
2015-06-17 09:49 - 2015-06-17 09:49 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox
2015-06-17 09:49 - 2015-06-17 09:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-03 18:39 - 2015-06-03 18:39 - 24023814 _____ C:\Documents and Settings\Owner\Desktop\doctor note.bmp
2015-06-02 20:51 - 2015-06-02 20:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 07:40 - 2015-06-02 07:40 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 19:41 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-06-22 19:16 - 2011-04-25 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-22 19:15 - 2014-10-20 19:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2015
2015-06-22 19:14 - 2013-04-05 18:48 - 01172715 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-22 19:14 - 2004-08-04 05:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-22 10:49 - 2013-04-05 18:48 - 00000259 _____ C:\WINDOWS\wiadebug.log
2015-06-22 10:49 - 2013-04-05 18:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-22 10:48 - 2009-02-23 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-22 08:54 - 2009-02-23 15:39 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-06-22 08:54 - 2009-02-23 15:38 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-22 08:34 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner
2015-06-21 19:34 - 2015-01-05 20:45 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-06-21 19:33 - 2012-12-11 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-06-15 19:15 - 2014-08-17 08:46 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-06-15 19:15 - 2012-04-11 08:10 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-15 19:15 - 2011-06-15 21:15 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 09:05 - 2013-08-07 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 08:57 - 2009-01-26 13:45 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-06 19:32 - 2011-02-25 13:39 - 00002487 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-06-06 16:52 - 2014-06-14 08:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 18:39 - 2011-11-27 16:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
2015-06-03 11:52 - 2014-03-02 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 08:56 - 2011-02-25 13:39 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-06-02 07:42 - 2014-10-20 19:59 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-02 07:42 - 2012-09-11 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-05-30 08:39 - 2012-09-03 18:26 - 00000000 ____D C:\Program Files\XBMC

==================== Files in the root of some directories =======

2012-09-05 09:37 - 2012-09-05 09:37 - 0027520 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat

Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf4ua1z.dll
C:\Documents and Settings\Owner\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-8u40-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Owner at 2015-06-22 19:42:20
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Guest (S-1-5-21-583907252-861567501-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-861567501-1801674531-1000 - Limited - Disabled)
Owner (S-1-5-21-583907252-861567501-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-583907252-861567501-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.063.2.1.1-050111a-020427C-Dell - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11n Network Adapter (HKLM\...\{AFD36BF1-DA28-4702-A83F-C49D03199A0F}) (Version: 07.13.2006 - Broadcom)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.0.1991 - CDBurnerXP)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D1500 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
D1500_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
K-Lite Codec Pack 4.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Accounting 2012 (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2009 (HKLM\...\Peachtree Pro Accounting) (Version:  - )
Peachtree Signature Ready Forms (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.11 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Desktop Web Connection (HKLM\...\TsActiveXClient) (Version:  - )
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (HKLM\...\{9D90E3BE-4F0E-4C8E-A2F3-D08A95641939}) (Version: 1.5.13743 - Sling Media)
Windows Driver Package - Intel (NETw5x32) net  (11/17/2008 12.2.0.11) (HKLM\...\EA92D36B2621B412A14375F1D39FCB7FBC2C84D4) (Version: 11/17/2008 12.2.0.11 - Intel)
Windows Driver Package - Intel (w29n51) net  (12/19/2007 9.0.4.39) (HKLM\...\2DA959FE3D6F0F5BC313481E72071D510DD786FB) (Version: 12/19/2007 9.0.4.39 - Intel)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\Windows Rights Management Client Backwards) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\Windows Rights Management Client) (Version: 5.2.70 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-03-2015 15:34:37 System Checkpoint
06-04-2015 13:57:03 System Checkpoint
16-04-2015 08:38:53 Software Distribution Service 3.0
23-04-2015 14:50:55 System Checkpoint
24-04-2015 17:19:49 System Checkpoint
27-04-2015 15:55:03 System Checkpoint
28-04-2015 18:17:32 System Checkpoint
30-04-2015 08:17:53 System Checkpoint
01-05-2015 08:19:32 System Checkpoint
06-05-2015 15:58:52 System Checkpoint
10-05-2015 20:16:52 System Checkpoint
14-05-2015 08:49:23 Software Distribution Service 3.0
18-05-2015 08:35:44 System Checkpoint
23-05-2015 10:41:46 System Checkpoint
28-05-2015 11:31:21 System Checkpoint
29-05-2015 12:27:00 System Checkpoint
31-05-2015 13:49:02 System Checkpoint
02-06-2015 07:59:53 System Checkpoint
08-06-2015 11:56:29 System Checkpoint
10-06-2015 08:48:59 System Checkpoint
10-06-2015 08:56:50 Software Distribution Service 3.0
16-06-2015 17:22:38 System Checkpoint
18-06-2015 14:41:30 System Checkpoint
19-06-2015 14:45:43 System Checkpoint
22-06-2015 11:37:16 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-583907252-861567501-1801674531-500\...\netflix.com -> hxxp://movies.netflix.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-583907252-861567501-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe] => Enabled:Juniper Terminal Services Client
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG10\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe] => Enabled:Database Service Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\XBMC\XBMC.exe] => Disabled:XBMC
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgdiagex.exe] => Enabled:AVG Diagnostics 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgemcx.exe] => Enabled:Personal E-mail Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1583:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [3351:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 15.0.0.5961, faulting module avgmfapx.exe, version 15.0.0.5961, fault address 0x0034e233.
Processing media-specific event for [avgmfapx.exe!ws!]

Error: (06/22/2015 07:17:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\AVG\AVG2015\mfage.lns for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program mfage.lns because of this error.

Program: mfage.lns
File: C:\Program Files\AVG\AVG2015\mfage.lns

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (06/22/2015 07:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 15.0.0.5961, faulting module avgmfapx.exe, version 15.0.0.5961, fault address 0x0034e233.
Processing media-specific event for [avgmfapx.exe!ws!]

Error: (06/22/2015 07:15:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\AVG\AVG2015\mfage.lns for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program mfage.lns because of this error.

Program: mfage.lns
File: C:\Program Files\AVG\AVG2015\mfage.lns

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 391672

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 391672

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 375469

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 375469

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/22/2015 07:31:15 PM) (Source: DCOM) (EventID: 10005) (User: OWNER-D67H3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (06/22/2015 07:17:16 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:17:05 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:17:01 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:15:38 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:15:34 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:15:30 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:15:10 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (06/22/2015 07:15:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (06/22/2015 07:15:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31


Microsoft Office:
=========================
Error: (06/22/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe15.0.0.5961avgmfapx.exe15.0.0.59610034e233

Error: (06/22/2015 07:17:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files\AVG\AVG2015\mfage.lnsmfage.lnsC000009C3

Error: (06/22/2015 07:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe15.0.0.5961avgmfapx.exe15.0.0.59610034e233

Error: (06/22/2015 07:15:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files\AVG\AVG2015\mfage.lnsmfage.lnsC000009C3

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 391672

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 391672

Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 375469

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 375469

Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.86GHz
Percentage of memory in use: 24%
Total physical RAM: 2039.36 MB
Available physical RAM: 1532.39 MB
Total Pagefile: 3935.39 MB
Available Pagefile: 3609.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:58.11 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F92D1960)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of log ============================



#2
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Greetings and welcome!

My nickname is Ruggie and I will be assisting you in cleaning your computer.
  • Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
  • When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
  • If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.
Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

  • Please save all tools to the desktop. Our tools are updated very regularly, sometimes several times per day, so always download the latest version from the links I provide.
  • Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.
  • If at all possible, make backups of all your important files. Whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.
  • I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.
  • Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.
  • Please stick with me until the end. Malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.
  • Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.
  • If you have any questions or get stuck, stop and ask. I am here to help you make this go as smoothly as possible.
  • If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now let's get to work.

Hi, I am going through your logs and will respond again once completed, but if your hard drive is showing many bad blocks then it is going to need replacement so you should do this as soon as is practical and please ensure you have a backup of any important files.

#3
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hmmm, based on what I'm seeing in the logs, your PC is probably the cleanest I have seen in a long long time so I don't believe your issue is malware related (but I could be proven wrong - we will see)

 

AVG is showing errors in your log but this could easily be explained by the hard drive problems you are having.

 

I would try uninstalling AVG from add/remove programs and follow up with the below to ensure it is removed completely:

 

Remove AVG

  • Please download the AVG Removal Tool from here and save it to your desktop.
  • Right click the avg_remover_stf_x86_2015_5501.exe, select run as administrator and follow the prompts
  • Once completed, allow it to restart your PC.

 

Let me know if it boots into windows properly after removal and we can take it from there.



#4
dbrupp

    Member

  • Topic Starter
  • Member
  • 49 posts

Hi ruggie_uk,

Thank you for reviewing my logs and confirming that my laptop likely is malware free and also for the AVG removal tool. I was able to run it from safe mode and my laptop then rebooted normally. I was then able to run it again from normal mode in case something was missed from safe mode. After that, I ran chkdsk and it replaced clusters up to 20% then failed with a hard disk error.

So I then ran CCleaner to get rid of all of the junk that AVG left behind in the registry, then I ran disk defragmenter and ran the chkdsk again. This time it completed 100% and had replaced 10s of thousands of clusters. My laptop seems to be operating like new again. Kindly let me know if you would like me to run any logs for your review to verify or any checks you recommend to verify my laptop is fixed.

* I'm now able to navigate without issue and also check the specs of my computer without error, where before I was receiving a Microsoft error dialogue box.



#5
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, that's good to hear.
I'd like to run FRST again in normal mode just to be sure as safe mode doesn't show everything.
 
Supplemental FRST Scan
Please run FRST/FRST64 again from your Desktop. If you do not currently have it on your system, download it from here and save it to your desktop.

  • Right click FRST to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.


#6
dbrupp

    Member

  • Topic Starter
  • Member
  • 49 posts

Great idea! Please find the logs below. In the additional log, I noticed some error messages (svchost) from 5pm ET. If I recall correctly, those were the errors I was seeing before running chkdsk a second time. It also looks like there may be some old AVG 2010 and 2012 remnants. Kindly let me know your thoughts about the logs when you have a chance.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Owner (administrator) on OWNER-D67H3 on 02-07-2015 04:05:36
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1228800 2007-07-20] (Dell Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [30024 2011-12-27] (Sage Software, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-01-11] (ATI Technologies Inc.)
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-18] (SUPERAntiSpyware)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-02-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> DefaultScope {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-29] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-29] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{13C53539-FD1B-4735-B970-B68FCA0CCC19}: [DhcpNameServer] 192.168.1.1 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{1ABD0652-F19B-4D4F-B547-D6DA9DB24BF6}: [DhcpNameServer] 8.8.8.8 8.8.4.4 209.55.27.13
Tcpip\..\Interfaces\{2A1AB345-B17F-4FD1-99DF-101DE26E158A}: [DhcpNameServer] 10.0.0.5 209.253.113.18
Tcpip\..\Interfaces\{5989D1B5-155C-4AE8-9430-3EE806A9816E}: [DhcpNameServer] 10.0.0.5 209.253.113.18

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4arxvch.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-01]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-08] (SUPERAntiSpyware.com)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] ()
S3 Peachtree SmartPosting 2012; C:\Program Files\Sage Software\Peachtree\SmartPostingService2012.exe [43848 2011-12-27] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-04-07] (Pervasive Software Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [564224 2006-06-26] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-10] (MK Systems CO., LTD.) [File not signed]
R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 04:04 - 2015-07-02 04:04 - 00000682 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to FRST.lnk
2015-07-01 22:50 - 2015-07-01 22:50 - 00000060 _____ C:\WINDOWS\setupact.log
2015-07-01 22:50 - 2015-07-01 22:50 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-01 19:02 - 2015-07-02 04:03 - 00026872 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-29 20:15 - 2015-06-29 20:15 - 00000000 ____D C:\Program Files\Common Files\Java
2015-06-29 20:12 - 2015-06-29 20:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-06-29 18:25 - 2015-07-01 22:56 - 00006026 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-28 17:12 - 2015-06-28 17:12 - 00000000 __SHD C:\found.001
2015-06-28 17:02 - 2015-06-28 17:02 - 00000000 __SHD C:\found.000
2015-06-28 16:27 - 2015-06-28 16:27 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox
2015-06-22 19:34 - 2015-07-02 04:05 - 00000000 ____D C:\FRST
2015-06-22 19:13 - 2015-06-22 19:13 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-17 09:52 - 2015-06-28 16:26 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2015-06-17 09:49 - 2015-07-01 22:54 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job
2015-06-17 09:49 - 2015-06-29 09:54 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job
2015-06-17 09:49 - 2015-06-17 09:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-03 18:39 - 2015-06-03 18:39 - 24023814 _____ C:\Documents and Settings\Owner\Desktop\doctor note.bmp
2015-06-02 20:51 - 2015-06-02 20:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 07:40 - 2015-06-02 07:40 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 04:06 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-07-02 04:02 - 2013-04-05 18:48 - 00000259 _____ C:\WINDOWS\wiadebug.log
2015-07-02 04:02 - 2013-04-05 18:48 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-02 04:02 - 2004-08-04 05:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-02 04:01 - 2009-02-23 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 22:56 - 2009-02-23 15:39 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-07-01 22:49 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner
2015-06-29 20:13 - 2014-10-20 20:52 - 00271968 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-06-29 20:13 - 2014-10-20 20:52 - 00191072 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-06-29 20:13 - 2014-10-20 20:52 - 00190560 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-06-29 20:13 - 2014-10-20 20:52 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-06-29 20:13 - 2014-10-20 20:52 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-06-29 20:12 - 2013-06-26 07:16 - 00000000 ____D C:\Program Files\Java
2015-06-28 16:28 - 2012-12-11 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-06-21 19:34 - 2015-01-05 20:45 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-06-15 19:15 - 2014-08-17 08:46 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-06-15 19:15 - 2012-04-11 08:10 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-15 19:15 - 2011-06-15 21:15 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 09:05 - 2013-08-07 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 08:57 - 2009-01-26 13:45 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-06 19:32 - 2011-02-25 13:39 - 00002487 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-06-06 16:52 - 2014-06-14 08:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 18:39 - 2011-11-27 16:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
2015-06-03 11:52 - 2014-03-02 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 08:56 - 2011-02-25 13:39 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

==================== Files in the root of some directories =======

2012-09-05 09:37 - 2012-09-05 09:37 - 0027520 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Owner at 2015-07-02 04:06:25
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Guest (S-1-5-21-583907252-861567501-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-861567501-1801674531-1000 - Limited - Disabled)
Owner (S-1-5-21-583907252-861567501-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-583907252-861567501-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.063.2.1.1-050111a-020427C-Dell - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11n Network Adapter (HKLM\...\{AFD36BF1-DA28-4702-A83F-C49D03199A0F}) (Version: 07.13.2006 - Broadcom)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.0.1991 - CDBurnerXP)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D1500 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
D1500_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
K-Lite Codec Pack 4.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Accounting 2012 (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2009 (HKLM\...\Peachtree Pro Accounting) (Version:  - )
Peachtree Signature Ready Forms (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.11 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Desktop Web Connection (HKLM\...\TsActiveXClient) (Version:  - )
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (HKLM\...\{9D90E3BE-4F0E-4C8E-A2F3-D08A95641939}) (Version: 1.5.13743 - Sling Media)
Windows Driver Package - Intel (NETw5x32) net  (11/17/2008 12.2.0.11) (HKLM\...\EA92D36B2621B412A14375F1D39FCB7FBC2C84D4) (Version: 11/17/2008 12.2.0.11 - Intel)
Windows Driver Package - Intel (w29n51) net  (12/19/2007 9.0.4.39) (HKLM\...\2DA959FE3D6F0F5BC313481E72071D510DD786FB) (Version: 12/19/2007 9.0.4.39 - Intel)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\Windows Rights Management Client Backwards) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\Windows Rights Management Client) (Version: 5.2.70 - Microsoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll ()
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll ()

==================== Restore Points =========================

30-03-2015 15:34:37 System Checkpoint
06-04-2015 13:57:03 System Checkpoint
16-04-2015 08:38:53 Software Distribution Service 3.0
23-04-2015 14:50:55 System Checkpoint
24-04-2015 17:19:49 System Checkpoint
27-04-2015 15:55:03 System Checkpoint
28-04-2015 18:17:32 System Checkpoint
30-04-2015 08:17:53 System Checkpoint
01-05-2015 08:19:32 System Checkpoint
06-05-2015 15:58:52 System Checkpoint
10-05-2015 20:16:52 System Checkpoint
14-05-2015 08:49:23 Software Distribution Service 3.0
18-05-2015 08:35:44 System Checkpoint
23-05-2015 10:41:46 System Checkpoint
28-05-2015 11:31:21 System Checkpoint
29-05-2015 12:27:00 System Checkpoint
31-05-2015 13:49:02 System Checkpoint
02-06-2015 07:59:53 System Checkpoint
08-06-2015 11:56:29 System Checkpoint
10-06-2015 08:48:59 System Checkpoint
10-06-2015 08:56:50 Software Distribution Service 3.0
16-06-2015 17:22:38 System Checkpoint
18-06-2015 14:41:30 System Checkpoint
19-06-2015 14:45:43 System Checkpoint
22-06-2015 11:37:16 System Checkpoint
28-06-2015 16:45:06 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2009-02-23 16:59 - 2007-07-20 19:56 - 00098304 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2012-12-11 21:20 - 2012-10-04 20:50 - 00088688 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 15:30 - 2010-03-05 00:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-583907252-861567501-1801674531-500\...\netflix.com -> hxxp://movies.netflix.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-583907252-861567501-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe] => Enabled:Juniper Terminal Services Client
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG10\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe] => Enabled:Database Service Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\XBMC\XBMC.exe] => Disabled:XBMC
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgdiagex.exe] => Enabled:AVG Diagnostics 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgemcx.exe] => Enabled:Personal E-mail Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java™ Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1583:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [3351:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 06:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module wuaueng.dll, version 7.6.7600.256, fault address 0x001631ca.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/01/2015 06:28:07 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\qedit.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program qedit.dll because of this error.

Program: qedit.dll
File: C:\WINDOWS\system32\qedit.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (07/01/2015 05:49:15 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 00470146.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/01/2015 05:49:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 5.1.2600.5512, faulting module wuaueng.dll, version 7.6.7600.256, fault address 0x001631ca.
Processing media-specific event for [svchost.exe!ws!]

Error: (07/01/2015 05:48:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\system32\qedit.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program qedit.dll because of this error.

Program: qedit.dll
File: C:\WINDOWS\system32\qedit.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (07/01/2015 05:48:43 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 00470146.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/01/2015 05:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HelpCtr.exe, version 5.1.2600.5512, faulting module mlang.dll, version 6.0.2900.5512, fault address 0x00017ad2.
Processing media-specific event for [HelpCtr.exe!ws!]

Error: (07/01/2015 05:48:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\Fonts\times.ttf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program times.ttf because of this error.

Program: times.ttf
File: C:\WINDOWS\Fonts\times.ttf

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3

Error: (07/01/2015 05:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application HelpCtr.exe, version 5.1.2600.5512, faulting module mlang.dll, version 6.0.2900.5512, fault address 0x00017ad2.
Processing media-specific event for [HelpCtr.exe!ws!]

Error: (07/01/2015 05:34:52 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\WINDOWS\Fonts\times.ttf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program times.ttf because of this error.

Program: times.ttf
File: C:\WINDOWS\Fonts\times.ttf

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3


System errors:
=============
Error: (07/01/2015 05:26:27 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:25:08 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (07/01/2015 05:22:58 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:54 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:50 PM) (Source: DCOM) (EventID: 10005) (User: OWNER-D67H3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (07/01/2015 05:22:50 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:45 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:41 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:33 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D


Microsoft Office:
=========================
Error: (07/01/2015 06:28:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512wuaueng.dll7.6.7600.256001631ca

Error: (07/01/2015 06:28:07 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\WINDOWS\system32\qedit.dllqedit.dllC000009C3

Error: (07/01/2015 05:49:15 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 00470146

Error: (07/01/2015 05:49:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe5.1.2600.5512wuaueng.dll7.6.7600.256001631ca

Error: (07/01/2015 05:48:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\WINDOWS\system32\qedit.dllqedit.dllC000009C3

Error: (07/01/2015 05:48:43 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 00470146

Error: (07/01/2015 05:48:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HelpCtr.exe5.1.2600.5512mlang.dll6.0.2900.551200017ad2

Error: (07/01/2015 05:48:23 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\WINDOWS\Fonts\times.ttftimes.ttfC000009C3

Error: (07/01/2015 05:34:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HelpCtr.exe5.1.2600.5512mlang.dll6.0.2900.551200017ad2

Error: (07/01/2015 05:34:52 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\WINDOWS\Fonts\times.ttftimes.ttfC000009C3


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.86GHz
Percentage of memory in use: 23%
Total physical RAM: 2039.36 MB
Available physical RAM: 1556.53 MB
Total Virtual: 3932.4 MB
Available Virtual: 3365.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:58.37 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F92D1960)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of log ============================



#7
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi, the remnants of AVG 2010 and 2012 are just firewall rules that were created. Nothing at all to worry about, but if you wish we can remove them in a fixlist.

I truly believe your hard drive will die soon, so you should really look at getting a replacement hard drive fitted.

With a bit of know-how it can be cloned from your failing drive so you do not lose any information.

Apart from that I have no concerns about your computer from a malware perspective. It looks good to me.



#8
dbrupp

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts

Thanks for reviewing the logs and providing your valued input.  I appreciate your clarification of the AVG remnants.  As long as they're not a big deal, I'm not too worried about them.

Would you mind letting me know why you feel my hard drive will die soon?  I guess I had my hopes up that my laptop was as good as new  :yeah:

Please also let me know if I may help you in any way by making a donation for your help.



#9
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi. As long as you make sure you have a backup of anything important then you could let it run and see how it goes, but I would be remiss if I didn't warn you of what is to come.

I do take donations, thank you - the link (I have just added) is in my signature.

Messages like the ones you have had pop up before, along with these below, are indicative of an impending failure.

Error: (07/01/2015 05:22:45 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:41 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 05:22:33 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D



#10
ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

