Hello Good People of Geeks2Go,
This morning when I turned on my laptop, I noticed navigation was a bit slow, but at the same time I saw that my free AVG 2015 antivirus was updating, so I suspected that as the culprit. After AVG updated, a dialogue box popped up stating my laptop needed to be restarted. After restarting my laptop, my Windows startup page showed up, but then instead of going to my desktop, my screen stayed black.
I am able to boot in SAFE MODE and was able to access your site and the Farbar scan tool from SAFE MODE using my Mozilla Firefox browser, which is the only browser that I use (I have the IE browser, but never use it).
I'm questioning whether AVG caused the problems that I'm having or if I have malware causing the problem.
When you have a moment, will you kindly take a look at the logs that I ran from SAFE mode and let me know if you suspect malware and how I can eradicate it. Thank you very much.
-
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by Owner (administrator) on OWNER-D67H3 on 22-06-2015 19:41:26
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [176128 2005-10-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1228800 2007-07-20] (Dell Inc.)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [30024 2011-12-27] (Sage Software, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745744 2015-05-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-01-11] (ATI Technologies Inc.)
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6714136 2015-05-18] (SUPERAntiSpyware)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Run: [Dropbox Update] => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2011-02-25]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-09]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> DefaultScope {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> {674CA038-37E7-45B4-9E46-6FE3FB0DEF38} URL = http://search.yahoo....=utf-8&fr=b2ie7
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24] (AVG Technologies CZ, s.r.o.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-20] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-583907252-861567501-1801674531-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.r...veX_Control.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\k4arxvch.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-03-01]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-02]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-09-08] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438544 2015-05-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-05-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-20] (Oracle Corporation)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-07-20] (Dell Inc.) [File not signed]
S2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-05] ()
S3 Peachtree SmartPosting 2012; C:\Program Files\Sage Software\Peachtree\SmartPostingService2012.exe [43848 2011-12-27] (Sage Software, Inc.)
S2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-04-07] (Pervasive Software Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-27] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [191968 2015-05-07] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [166880 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-04] (AVG Technologies CZ, s.r.o.)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [564224 2006-06-26] (Broadcom Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-14] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 Eplpdx02; C:\WINDOWS\system32\Drivers\EPLPDX02.SYS [70084 2001-08-10] (MK Systems CO., LTD.) [File not signed]
S3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
S3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 QCDonner; C:\WINDOWS\System32\DRIVERS\OVCD.sys [28032 2001-08-17] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2008-01-07] (Intel® Corporation)
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 UIUSys; system32\drivers\UIUSys.sys [X]
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-22 19:34 - 2015-06-22 19:41 - 00000000 ____D C:\FRST
2015-06-22 19:13 - 2015-06-22 19:13 - 00000000 ____D C:\WINDOWS\CSC
2015-06-22 08:38 - 2015-06-22 08:38 - 00000060 _____ C:\WINDOWS\setupact.log
2015-06-22 08:38 - 2015-06-22 08:38 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-17 09:52 - 2015-06-17 09:52 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox
2015-06-17 09:49 - 2015-06-22 18:54 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job
2015-06-17 09:49 - 2015-06-19 09:54 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job
2015-06-17 09:49 - 2015-06-17 09:49 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox
2015-06-17 09:49 - 2015-06-17 09:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-06-03 18:39 - 2015-06-03 18:39 - 24023814 _____ C:\Documents and Settings\Owner\Desktop\doctor note.bmp
2015-06-02 20:51 - 2015-06-02 20:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 07:40 - 2015-06-02 07:40 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-22 19:41 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-06-22 19:16 - 2011-04-25 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-22 19:15 - 2014-10-20 19:52 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Avg2015
2015-06-22 19:14 - 2013-04-05 18:48 - 01172715 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-22 19:14 - 2004-08-04 05:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-22 10:49 - 2013-04-05 18:48 - 00000259 _____ C:\WINDOWS\wiadebug.log
2015-06-22 10:49 - 2013-04-05 18:48 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-22 10:48 - 2009-02-23 15:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-22 08:54 - 2009-02-23 15:39 - 00000278 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-06-22 08:54 - 2009-02-23 15:38 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-22 08:34 - 2009-02-23 15:39 - 00000000 ____D C:\Documents and Settings\Owner
2015-06-21 19:34 - 2015-01-05 20:45 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-06-21 19:33 - 2012-12-11 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-06-15 19:15 - 2014-08-17 08:46 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe
2015-06-15 19:15 - 2012-04-11 08:10 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-15 19:15 - 2011-06-15 21:15 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 09:05 - 2013-08-07 07:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 08:57 - 2009-01-26 13:45 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-06 19:32 - 2011-02-25 13:39 - 00002487 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-06-06 16:52 - 2014-06-14 08:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-03 18:39 - 2011-11-27 16:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ScanSoft
2015-06-03 11:52 - 2014-03-02 15:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-02 08:56 - 2011-02-25 13:39 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-06-02 07:42 - 2014-10-20 19:59 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-06-02 07:42 - 2012-09-11 19:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-05-30 08:39 - 2012-09-03 18:26 - 00000000 ____D C:\Program Files\XBMC
==================== Files in the root of some directories =======
2012-09-05 09:37 - 2012-09-05 09:37 - 0027520 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\dt.dat
Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf4ua1z.dll
C:\Documents and Settings\Owner\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Owner\Local Settings\Temp\jre-8u40-windows-au.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2015 01
Ran by Owner at 2015-06-22 19:42:20
Running from C:\Documents and Settings\Owner\My Documents\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Guest (S-1-5-21-583907252-861567501-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-861567501-1801674531-1000 - Limited - Disabled)
Owner (S-1-5-21-583907252-861567501-1801674531-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-583907252-861567501-1801674531-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1010 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5125 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.063.2.1.1-050111a-020427C-Dell - )
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5961 - AVG Technologies)
AVG 2015 (Version: 15.0.4365 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5961 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11n Network Adapter (HKLM\...\{AFD36BF1-DA28-4702-A83F-C49D03199A0F}) (Version: 07.13.2006 - Broadcom)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.0.1991 - CDBurnerXP)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D1500 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
D1500_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Dropbox) (Version: 3.6.7 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (HKLM\...\{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}) (Version: 10.0 - HP)
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Host Checker (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Neoteris_Host_Checker) (Version: 7.4.0.31481 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Setup_Client) (Version: 7.4.11.47145 - Juniper Networks, Inc.)
Juniper Terminal Services Client (HKU\S-1-5-21-583907252-861567501-1801674531-500\...\Juniper_Term_Services) (Version: 7.4.0.31481 - Juniper Networks)
K-Lite Codec Pack 4.7.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 4.7.0 - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Accounting 2012 (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2009 (HKLM\...\Peachtree Pro Accounting) (Version: - )
Peachtree Signature Ready Forms (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}) (Version: 10.20.034 - Pervasive Software)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 8.3.11 - Dell Computer Corporation)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Desktop Web Connection (HKLM\...\TsActiveXClient) (Version: - )
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (HKLM\...\{9D90E3BE-4F0E-4C8E-A2F3-D08A95641939}) (Version: 1.5.13743 - Sling Media)
Windows Driver Package - Intel (NETw5x32) net (11/17/2008 12.2.0.11) (HKLM\...\EA92D36B2621B412A14375F1D39FCB7FBC2C84D4) (Version: 11/17/2008 12.2.0.11 - Intel)
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39) (HKLM\...\2DA959FE3D6F0F5BC313481E72071D510DD786FB) (Version: 12/19/2007 9.0.4.39 - Intel)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\Windows Rights Management Client Backwards) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\Windows Rights Management Client) (Version: 5.2.70 - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\DropboxExt.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-583907252-861567501-1801674531-500_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll (Dropbox, Inc.)
==================== Restore Points =========================
30-03-2015 15:34:37 System Checkpoint
06-04-2015 13:57:03 System Checkpoint
16-04-2015 08:38:53 Software Distribution Service 3.0
23-04-2015 14:50:55 System Checkpoint
24-04-2015 17:19:49 System Checkpoint
27-04-2015 15:55:03 System Checkpoint
28-04-2015 18:17:32 System Checkpoint
30-04-2015 08:17:53 System Checkpoint
01-05-2015 08:19:32 System Checkpoint
06-05-2015 15:58:52 System Checkpoint
10-05-2015 20:16:52 System Checkpoint
14-05-2015 08:49:23 Software Distribution Service 3.0
18-05-2015 08:35:44 System Checkpoint
23-05-2015 10:41:46 System Checkpoint
28-05-2015 11:31:21 System Checkpoint
29-05-2015 12:27:00 System Checkpoint
31-05-2015 13:49:02 System Checkpoint
02-06-2015 07:59:53 System Checkpoint
08-06-2015 11:56:29 System Checkpoint
10-06-2015 08:48:59 System Checkpoint
10-06-2015 08:56:50 Software Distribution Service 3.0
16-06-2015 17:22:38 System Checkpoint
18-06-2015 14:41:30 System Checkpoint
19-06-2015 14:45:43 System Checkpoint
22-06-2015 11:37:16 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-583907252-861567501-1801674531-500UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-583907252-861567501-1801674531-500\...\netflix.com -> hxxp://movies.netflix.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-583907252-861567501-1801674531-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe] => Enabled:Juniper Terminal Services Client
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG10\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe] => Enabled:Database Service Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\XBMC\XBMC.exe] => Disabled:XBMC
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgdiagex.exe] => Enabled:AVG Diagnostics 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgemcx.exe] => Enabled:Personal E-mail Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre7\bin\java.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1583:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [3351:TCP] => Enabled:Pervasive DBEngine
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
==================== Faulty Device Manager Devices =============
Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/22/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 15.0.0.5961, faulting module avgmfapx.exe, version 15.0.0.5961, fault address 0x0034e233.
Processing media-specific event for [avgmfapx.exe!ws!]
Error: (06/22/2015 07:17:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\AVG\AVG2015\mfage.lns for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program mfage.lns because of this error.
Program: mfage.lns
File: C:\Program Files\AVG\AVG2015\mfage.lns
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
Error: (06/22/2015 07:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avgmfapx.exe, version 15.0.0.5961, faulting module avgmfapx.exe, version 15.0.0.5961, fault address 0x0034e233.
Processing media-specific event for [avgmfapx.exe!ws!]
Error: (06/22/2015 07:15:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\AVG\AVG2015\mfage.lns for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program mfage.lns because of this error.
Program: mfage.lns
File: C:\Program Files\AVG\AVG2015\mfage.lns
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C000009C
Disk type: 3
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 391672
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 391672
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 375469
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 375469
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/22/2015 07:31:15 PM) (Source: DCOM) (EventID: 10005) (User: OWNER-D67H3)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error: (06/22/2015 07:17:16 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:17:05 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:17:01 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:15:38 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:15:34 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:15:30 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:15:10 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D
Error: (06/22/2015 07:15:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
APPDRV
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
Fips
intelppm
SASDIFSV
SASKUTIL
Error: (06/22/2015 07:15:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error:
%%31
Microsoft Office:
=========================
Error: (06/22/2015 07:17:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe15.0.0.5961avgmfapx.exe15.0.0.59610034e233
Error: (06/22/2015 07:17:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files\AVG\AVG2015\mfage.lnsmfage.lnsC000009C3
Error: (06/22/2015 07:15:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgmfapx.exe15.0.0.5961avgmfapx.exe15.0.0.59610034e233
Error: (06/22/2015 07:15:17 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Program Files\AVG\AVG2015\mfage.lnsmfage.lnsC000009C3
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 391672
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 391672
Error: (06/22/2015 00:56:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 375469
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 375469
Error: (06/22/2015 00:56:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Processor: Intel® Pentium® M processor 1.86GHz
Percentage of memory in use: 24%
Total physical RAM: 2039.36 MB
Available physical RAM: 1532.39 MB
Total Pagefile: 3935.39 MB
Available Pagefile: 3609.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.54 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:58.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: F92D1960)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of log ============================