Computer wont start, scans won't run [Closed]
#1 mallorye (New Member, 1 post)

Hi everyone,

My computer had been fine until something happened this morning while I was browsing online newspapers.

It froze, and now it will start in safe mode, but a normal start was taking so long that I cancelled it.

I have run one MBAM threat scan that found nothing, but the other times I tried to run MBAM and other scans, the scans cancelled themselves after a few seconds. I can't open SUPERAntiSpyware or MBAM now.

I have run a Comodo quick scan and found nothing. Comodo has an error that says Defense is not working properly, but it can't fix it by itself.

I restored to a system restore point from 2 days ago, but the computer still won't start in normal mode.

Here are my FRST results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by User (administrator) on USER-AEE4542569 on 25-07-2015 11:14:43
Running from C:\Documents and Settings\User\Desktop
Loaded Profiles: User & UpdatusUser (Available Profiles: User & UpdatusUser)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20064872 2011-10-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-03-15] ()
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3730344 2015-07-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1361088 2015-06-10] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [bluebirds] => C:\Documents and Settings\User\Bluebirds\BlueBirds.exe [270336 2009-04-29] (LG Electronics)
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6715160 2015-07-10] (SUPERAntiSpyware)
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Documents and Settings\User\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5ac8033af26a47d3bed9d16d675081d4-b020def64769dc8aa546c7c4903ee6ef14922b5b --CMPID 09 (the data entry has 3 more characters).
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Documents and Settings\User\Application Data\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5ac8033af26a47d3bed9d16d675081d4-b020def64769dc8aa546c7c4903ee6ef14922b5b /CMPID=1213 (the data entry has 1 more characters).
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-07-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2015-06-05] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cordless DUALphone Startup.lnk [2013-06-02]
ShortcutTarget: Cordless DUALphone Startup.lnk -> C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe (RTX Products A/S)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll [2013-09-11] (Dropbox, Inc.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theage.com.au/
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
URLSearchHook: [S-1-5-21-1177238915-1123561945-1417001333-1005] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> DefaultScope {AB990372-F8A2-4158-A681-589CA80A41EF} URL = http://www.google.co...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg...fr&d=2015-02-2809:16:50&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> {AB990372-F8A2-4158-A681-589CA80A41EF} URL = http://www.google.co...q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AF763B9B-69E6-402F-B120-6D1D412660C7}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\13bn0w1f.default-1428713209031
FF Homepage: news.com.au
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-12-18] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-15] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-06] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2015-06-05] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-02-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-05-24]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-15] (SUPERAntiSpyware.com)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-10] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-10] (AVG Technologies CZ, s.r.o.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4352816 2015-06-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-06-10] (COMODO)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-05-15] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [217008 2015-07-10] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-22] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-07-10] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-22] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [170464 2015-07-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-05-15] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-01-20] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15552 2015-06-05] (COMODO)
S1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [627008 2015-06-05] (COMODO)
S3 LVHybrid; C:\WINDOWS\System32\DRIVERS\LVHybrid.sys [1000064 2005-04-27] (Animation Technologies Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2015-06-18] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-25] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WsAudio_DeviceS(1); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(1).sys [25704 2015-03-08] (Wondershare)
S3 WsAudio_DeviceS(2); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(2).sys [25704 2015-03-08] (Wondershare)
S3 WsAudio_DeviceS(3); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(3).sys [25704 2015-03-08] (Wondershare)
S3 WsAudio_DeviceS(4); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(4).sys [25704 2015-03-08] (Wondershare)
S3 WsAudio_DeviceS(5); C:\WINDOWS\System32\drivers\WsAudio_DeviceS(5).sys [25704 2015-03-08] (Wondershare)
S4 IntelIde; No ImagePath
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
U1 WS2IFSL; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 11:14 - 2015-07-25 11:14 - 00016331 _____ C:\Documents and Settings\User\Desktop\FRST.txt
2015-07-25 11:14 - 2015-07-25 11:14 - 00000000 ____D C:\FRST
2015-07-25 11:11 - 2015-07-25 11:11 - 01638912 _____ (Farbar) C:\Documents and Settings\User\Desktop\FRST.exe
2015-07-25 11:02 - 2015-07-25 11:02 - 00145209 _____ C:\Documents and Settings\User\My Documents\CisReport_x86_v8.2.0.4591_20150725-110215.zip
2015-07-25 10:48 - 2015-07-25 10:48 - 00000000 ____D C:\Program Files\malwarebytes regassassin
2015-07-25 09:37 - 2015-07-25 09:37 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2015
2015-07-25 09:37 - 2015-07-25 09:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2015-07-25 09:34 - 2015-07-25 09:34 - 00144053 _____ C:\Documents and Settings\Administrator\My Documents\CisReport_x86_v8.2.0.4591_20150725-093411.zip
2015-07-25 09:26 - 2015-07-25 09:26 - 00000000 ____D C:\Documents and Settings\Administrator\PrivacIE
2015-07-25 09:26 - 2015-07-24 23:25 - 00144260 _____ C:\Documents and Settings\Administrator\Desktop\CisReport_x86_v8.2.0.4591_20150725-092505.xml
2015-07-25 09:26 - 2015-07-24 23:25 - 00108008 _____ C:\Documents and Settings\Administrator\Desktop\CisTrace_x86_v8.2.0.4591_20150725-092505.evtx
2015-07-25 09:26 - 2015-01-17 11:24 - 00234959 _____ C:\Documents and Settings\Administrator\Desktop\cmdagent.exe_x86_8.0.0.4344_20150117_222408.dmp
2015-07-25 09:26 - 2014-12-13 11:11 - 00237257 _____ C:\Documents and Settings\Administrator\Desktop\cmdagent.exe_x86_8.0.0.4344_20141213_221110.dmp
2015-07-25 09:26 - 2013-05-27 12:31 - 00131264 _____ C:\Documents and Settings\Administrator\Desktop\cmdagent.exe_6.1.275152.2801_20130527_223150.dmp
2015-07-25 09:25 - 2015-07-25 09:25 - 00143621 _____ C:\Documents and Settings\Administrator\Desktop\CisReport_x86_v8.2.0.4591_20150725-092449.zip
2015-07-25 09:25 - 2015-07-25 09:25 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WinRAR
2015-07-25 09:22 - 2015-07-25 09:22 - 00048056 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-07-25 09:19 - 2015-07-25 09:46 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-07-25 09:19 - 2015-07-25 09:19 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2015-07-11 21:35 - 2015-07-11 22:09 - 00000000 ____D C:\Documents and Settings\User\Desktop\behemoth
2015-07-11 21:31 - 2015-07-11 21:31 - 00000303 _____ C:\Documents and Settings\User\Desktop\behemoth setlist.txt
2015-07-04 22:32 - 2015-07-04 22:34 - 00000000 ____D C:\Documents and Settings\User\My Documents\orchid docs
2015-07-04 22:16 - 2015-07-04 22:18 - 00000000 ____D C:\Documents and Settings\User\My Documents\ORCHID ARTICE
2015-07-04 22:09 - 2015-07-04 22:09 - 00000000 ____D C:\Documents and Settings\User\Start Menu\Programs\e-tax 2015
2015-07-04 22:09 - 2015-07-04 22:09 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\etax2015
2015-07-04 22:07 - 2015-07-15 07:13 - 00000000 ____D C:\Documents and Settings\User\My Documents\etax 14 15
2015-07-03 23:06 - 2015-07-04 09:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-25 11:14 - 2013-05-14 15:01 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Temp
2015-07-25 10:19 - 2014-05-25 08:39 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-25 10:16 - 2013-05-14 15:01 - 00000178 ___SH C:\Documents and Settings\User\ntuser.ini
2015-07-25 10:16 - 2013-05-14 14:54 - 01367333 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-25 10:04 - 2013-05-14 21:34 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
2015-07-25 10:00 - 2013-05-14 21:32 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-07-25 09:51 - 2013-05-18 07:05 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-25 09:51 - 2013-05-18 07:05 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-25 09:51 - 2013-05-14 15:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-25 09:48 - 2013-05-14 15:00 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-07-25 09:48 - 2013-05-14 14:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-07-25 09:48 - 2013-05-14 14:52 - 00000000 ____D C:\WINDOWS\Registration
2015-07-25 09:47 - 2013-05-14 15:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-07-25 09:41 - 2013-05-14 22:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-25 08:53 - 2013-07-01 08:01 - 00000000 ____D C:\Documents and Settings\User\Application Data\Skype
2015-07-25 08:49 - 2013-05-14 21:34 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2015-07-25 08:49 - 2013-05-14 21:34 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2015-07-25 08:49 - 2013-05-14 21:34 - 00000440 _____ C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
2015-07-25 08:48 - 2014-03-15 20:36 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-25 08:48 - 2013-05-14 19:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-25 08:40 - 2015-06-05 06:23 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-07-25 08:40 - 2013-05-14 19:08 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-25 07:53 - 2013-05-14 15:20 - 00014434 _____ C:\WINDOWS\system32\nvAppTimestamps
2015-07-25 07:24 - 2008-04-14 22:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-24 23:56 - 2013-05-14 15:00 - 00032534 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-24 06:28 - 2015-06-05 06:23 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-07-23 22:53 - 2013-05-14 19:21 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-07-22 07:07 - 2013-05-14 22:22 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-22 07:07 - 2013-05-14 22:22 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-22 00:39 - 2013-05-15 18:26 - 00000000 ____D C:\Documents and Settings\User\My Documents\Correspondence
2015-07-21 15:35 - 2013-06-06 20:58 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Paint.NET
2015-07-19 23:40 - 2013-08-13 22:49 - 00000000 ____D C:\Documents and Settings\User\My Documents\jpegs
2015-07-18 22:29 - 2013-06-17 01:07 - 00000000 ____D C:\Documents and Settings\User\My Documents\recipes
2015-07-18 21:05 - 2013-05-14 15:28 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-07-16 01:30 - 2013-05-14 19:18 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-07-15 07:31 - 2013-08-15 01:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 06:22 - 2013-05-14 22:55 - 00000000 ____D C:\Documents and Settings\User\Desktop\shortcuts
2015-07-13 06:29 - 2013-06-01 07:17 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-13 06:25 - 2013-05-14 22:34 - 00000000 ____D C:\Program Files\CCleaner
2015-07-12 09:34 - 2014-08-22 16:10 - 00000000 ____D C:\Documents and Settings\User\Local Settings\Application Data\Adobe
2015-07-10 08:59 - 2014-06-17 16:17 - 00217008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-10 08:59 - 2014-04-01 07:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-07-10 08:58 - 2013-02-08 04:37 - 00207328 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys
2015-07-10 08:58 - 2013-02-08 04:37 - 00170464 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-08 16:08 - 2014-03-15 20:36 - 00000214 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-05 07:57 - 2014-04-06 10:01 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-04 22:34 - 2014-10-18 10:27 - 00000000 ____D C:\Documents and Settings\User\Desktop\new photo folder 181014
2015-07-04 22:32 - 2015-05-24 14:58 - 00000000 ____D C:\Documents and Settings\User\Desktop\restaurants
2015-07-04 22:24 - 2014-11-02 09:32 - 00000000 ____D C:\Documents and Settings\User\My Documents\jordys
2015-07-03 08:49 - 2013-05-14 16:04 - 127070192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-02 06:19 - 2013-05-14 15:00 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
 
==================== Files in the root of some directories =======
 
2013-05-19 20:34 - 2015-06-21 13:20 - 0011776 _____ () C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-07-2015
Ran by User at 2015-07-25 11:15:19
Running from C:\Documents and Settings\User\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1177238915-1123561945-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1177238915-1123561945-1417001333-1006 - Limited - Enabled)
Guest (S-1-5-21-1177238915-1123561945-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1177238915-1123561945-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1177238915-1123561945-1417001333-1002 - Limited - Disabled)
UpdatusUser (S-1-5-21-1177238915-1123561945-1417001333-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser
User (S-1-5-21-1177238915-1123561945-1417001333-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\User
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: COMODO Antivirus (Enabled - Up to date) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Aimersoft Music Converter(Build 1.4.3.0) (HKLM\...\Aimersoft Music Converter_is1) (Version:  - Aimersoft Software)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6081 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6081 - AVG Technologies) Hidden
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.8.0.29676 - BitTorrent Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
COMODO Antivirus (HKLM\...\{F1EC4151-805B-4097-B9BB-7D71A417AAF1}) (Version: 6.1.14723.2813 - COMODO Security Solutions Inc.)
Cordless DUALphone Suite (HKLM\...\UcpHost_is1) (Version:  - RTX Products A/S)
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.0.0.183 - Corel Corporation) Hidden
Curse Client (HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dropbox (HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
e-tax 2013 (HKLM\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.8.758 - Australian Taxation Office)
e-tax 2015 (HKLM\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.7.488 - Australian Taxation Office)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.89 - Google Inc.)
Google Photos Backup (HKU\.DEFAULT\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ICA (Version: 15.0.0.183 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 15.0.0.183 - Corel Corporation) Hidden
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
MakeMKV v1.8.10 (HKLM\...\MakeMKV) (Version: v1.8.10 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NavDesk 7.50 (HKLM\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0111.133 - Navman Technology NZ Limited)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSPPContent (Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPHelp (Version: 15.0.0.183 - Corel Corporation) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6482 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (Version: 15.0.0.183 - Corel Corporation) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1018 - SUPERAntiSpyware.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 (HKLM\...\KB926139-v2) (Version: 2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{43fda345-3097-4473-900d-b54befda750b}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1177238915-1123561945-1417001333-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\User\Application Data\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
25-04-2015 19:33:46 System Checkpoint
26-04-2015 19:33:54 System Checkpoint
27-04-2015 19:47:50 System Checkpoint
28-04-2015 19:54:20 System Checkpoint
30-04-2015 06:20:38 System Checkpoint
01-05-2015 07:13:57 System Checkpoint
02-05-2015 07:44:52 System Checkpoint
03-05-2015 08:51:43 System Checkpoint
04-05-2015 08:55:54 System Checkpoint
05-05-2015 10:21:38 System Checkpoint
06-05-2015 16:11:29 System Checkpoint
07-05-2015 16:14:38 System Checkpoint
09-05-2015 07:23:51 System Checkpoint
10-05-2015 12:13:01 System Checkpoint
11-05-2015 13:37:33 System Checkpoint
12-05-2015 13:38:07 System Checkpoint
13-05-2015 06:03:04 Software Distribution Service 3.0
14-05-2015 06:45:57 System Checkpoint
15-05-2015 07:17:33 System Checkpoint
16-05-2015 07:48:33 System Checkpoint
17-05-2015 08:39:11 System Checkpoint
18-05-2015 10:09:43 System Checkpoint
19-05-2015 11:58:08 System Checkpoint
20-05-2015 12:33:15 System Checkpoint
21-05-2015 14:45:47 System Checkpoint
22-05-2015 15:14:24 System Checkpoint
23-05-2015 18:34:57 System Checkpoint
24-05-2015 21:23:34 System Checkpoint
25-05-2015 21:44:22 System Checkpoint
27-05-2015 06:23:00 System Checkpoint
28-05-2015 06:26:26 System Checkpoint
29-05-2015 07:05:37 System Checkpoint
30-05-2015 07:39:03 System Checkpoint
31-05-2015 12:56:17 System Checkpoint
01-06-2015 17:35:04 System Checkpoint
02-06-2015 18:24:02 System Checkpoint
03-06-2015 21:06:29 System Checkpoint
04-06-2015 23:03:02 System Checkpoint
05-06-2015 23:33:39 System Checkpoint
07-06-2015 00:21:39 System Checkpoint
08-06-2015 08:36:34 System Checkpoint
09-06-2015 08:48:09 System Checkpoint
10-06-2015 12:04:11 System Checkpoint
10-06-2015 17:04:09 Software Distribution Service 3.0
11-06-2015 19:52:41 System Checkpoint
13-06-2015 07:39:36 System Checkpoint
14-06-2015 09:16:04 System Checkpoint
15-06-2015 10:34:23 System Checkpoint
16-06-2015 10:48:11 System Checkpoint
17-06-2015 10:53:28 System Checkpoint
18-06-2015 11:13:20 System Checkpoint
19-06-2015 11:42:41 System Checkpoint
20-06-2015 12:41:50 System Checkpoint
21-06-2015 13:48:13 System Checkpoint
22-06-2015 14:08:45 System Checkpoint
23-06-2015 14:38:19 System Checkpoint
24-06-2015 15:03:03 System Checkpoint
26-06-2015 07:02:50 System Checkpoint
27-06-2015 12:16:37 System Checkpoint
28-06-2015 12:26:42 System Checkpoint
29-06-2015 13:10:04 System Checkpoint
30-06-2015 13:28:52 System Checkpoint
01-07-2015 13:57:06 System Checkpoint
02-07-2015 18:29:50 System Checkpoint
03-07-2015 18:57:45 System Checkpoint
04-07-2015 22:09:16 Installed e-tax 2015
06-07-2015 11:05:14 System Checkpoint
07-07-2015 11:08:55 System Checkpoint
08-07-2015 11:30:54 System Checkpoint
09-07-2015 11:51:25 System Checkpoint
10-07-2015 12:21:38 System Checkpoint
11-07-2015 13:34:17 System Checkpoint
12-07-2015 13:55:16 System Checkpoint
13-07-2015 16:59:34 System Checkpoint
14-07-2015 17:27:49 System Checkpoint
15-07-2015 07:15:56 Software Distribution Service 3.0
16-07-2015 01:29:54 Software Distribution Service 3.0
17-07-2015 07:10:33 System Checkpoint
18-07-2015 10:16:36 System Checkpoint
19-07-2015 11:02:44 System Checkpoint
20-07-2015 14:05:44 System Checkpoint
21-07-2015 14:42:34 System Checkpoint
22-07-2015 16:01:25 System Checkpoint
23-07-2015 21:50:30 System Checkpoint
25-07-2015 09:45:01 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 22:00 - 2008-04-14 22:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job => 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
Task: C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-04-14 22:00 - 2008-04-14 22:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 22:00 - 2008-04-14 22:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-04-15 18:39 - 2015-01-09 08:02 - 00061152 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-07-22 11:29 - 2015-07-14 15:55 - 16308040 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.89\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\java.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaw.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\javaws.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\WS_ATLMovie.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgdiskx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgidsshimx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgldx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avglogx.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgmfx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\avgrkx86.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(1).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(2).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(3).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(4).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WsAudio_DeviceS(5).sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\dllcache\ksproxy.ax:$CmdTcID
AlternateDataStreams: C:\Documents and Settings\User\Desktop\slc-elusive-dream-peace-am-aoc.jpg:$CmdZnID
AlternateDataStreams: C:\Documents and Settings\User\My Documents\dendrobium-collection.htm:$CmdZnID
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1177238915-1123561945-1417001333-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-1177238915-1123561945-1417001333-1005\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.1.1
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Enabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2013\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Local Settings\Apps\2.0\T7NQ2MJ9.TRH\6C3DWODV.WAX\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe] => Enabled:Curse Client 4.0
StandardProfile\AuthorizedApplications: [C:\Program Files\bittorent\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras Manager
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2045\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2328\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2380\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2014\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2717\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3322\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\Battle.net\Battle.net.exe] => Enabled:Battle.net
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3427\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3478\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3526\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.3634\Agent.exe] => Enabled:Battle.net Update Agent
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/25/2015 08:49:04 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application mbamservice.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Error in creating result PEAP-TLV in response to received PEAP-TLV (mbamservice.exe!ld!)
 
Error: (07/25/2015 08:44:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (07/25/2015 08:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.13.0, faulting module mbamservice.exe, version 3.2.13.0, fault address 0x00006008.
Processing media-specific event for [mbamservice.exe!ws!]
 
Error: (07/21/2015 02:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module comctl32.dll, version 6.0.2900.6028, fault address 0x0004dbe4.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (07/21/2015 02:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (07/21/2015 02:14:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (07/13/2015 01:29:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
Error: (07/13/2015 01:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (07/13/2015 01:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module comctl32.dll, version 6.0.2900.6028, fault address 0x0004dbe4.
Processing media-specific event for [explorer.exe!ws!]
 
Error: (07/13/2015 01:03:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]
 
 
System errors:
=============
Error: (07/25/2015 11:08:49 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/25/2015 11:02:27 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/25/2015 10:53:12 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
 
Error: (07/25/2015 10:50:29 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service cmdAgent with arguments ""
in order to run the server:
{C288AC5A-D846-4696-8028-2DF6F508D0D9}
 
Error: (07/25/2015 10:48:07 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (07/25/2015 10:19:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Avgdiskx
AVGIDSDriverl
AVGIDSShim
Avgldx86
Avglogx
cmdGuard
Fips
intelppm
SASDIFSV
SASKUTIL
 
Error: (07/25/2015 10:19:33 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The AVGIDSAgent service depends on the AVGIDSDriverl service which failed to start because of the following error: 
%%31
 
Error: (07/25/2015 10:18:39 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/25/2015 10:16:56 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/25/2015 10:11:45 AM) (Source: DCOM) (EventID: 10005) (User: USER-AEE4542569)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
 
Microsoft Office:
=========================
Error: (07/25/2015 08:49:04 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: mbamservice.exe0.0.0.0unknown0.0.0.000000000
 
Error: (07/25/2015 08:44:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 0.0.0.0unknown0.0.0.000000000
 
Error: (07/25/2015 08:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.2.13.0mbamservice.exe3.2.13.000006008
 
Error: (07/21/2015 02:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512comctl32.dll6.0.2900.60280004dbe4
 
Error: (07/21/2015 02:14:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
 
Error: (07/21/2015 02:14:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000
 
Error: (07/13/2015 01:29:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
 
Error: (07/13/2015 01:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.55120.0.0.000000000
 
Error: (07/13/2015 01:23:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512comctl32.dll6.0.2900.60280004dbe4
 
Error: (07/13/2015 01:03:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: drwtsn32.exe5.1.2600.0dbghelp.dll5.1.2600.55120001295d
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 31%
Total physical RAM: 3071.17 MB
Available physical RAM: 2103.39 MB
Total Virtual: 4961.33 MB
Available Virtual: 3779.12 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:745.78 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AD54AD54)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
If anyone can offer any help with this it would be much appreciated. Please let me know if any other information I can provide would help,
 
Thank you!
 
#2
DanoNH

DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello mallorye and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.  If you get stuck or have questions, please stop and ask so I can help you.
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site, unless specifically asked to do so.

OK, let's get started...

Now

Please sit tight while I review your logs.  I will be back with some instructions.  :)
 



#3
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,153 posts

Hello mallorye,

We have to address a couple of things here and then I'll have you try some steps.

Please note, if the First step fails, stop there and let me know.  :)

Ready?  Let's go...
 
First
Boot into the Advanced Options menu

Note: Please print these instructions or copy/paste them into a notepad file in case you are unable to access this site.

  • Turn your computer off through Shut Down.
  • Wait a few seconds, then turn it back on.
  • Once your computer's manufacturer logo (e.g. 'Dell') starts to show, start pressing the F8 key repeatedly.
  • Keep pressing it until the Windows Advanced Options Menu loads up.
  • Make sure 'Last Known Good Configuration' is selected; navigate to it by using the arrow keys.
  • Press Enter, and your computer should load the last good registry backup and hopefully boot up.

If the computer doesn't boot into Normal Windows, stop here and let me know please!
 
Second
Multiple Anti-Virus programs installed
 
IMPORTANT: It is not recommended to run more than one firewall or anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.
 
You have AVG and Comodo installed.  Please choose one of these, tell me which you want to keep, and then go to the Control Panel > Add/Remove Programs and uninstall the other one(s).

Third
P2P Software Warning:
It seems you have BitTorrent P2P software installed.  While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.  Some of this malware is Ransomware which encrypts user files for ransom with a time limit.  

Pretty nasty stuff.

Besides installing malware,  the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.

If you do decide to keep any P2P programs, please uninstall them, or disable them and refrain from using them, until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

Fourth
Programs uninstall
Go to the Control Panel >Add/Remove Programs, and uninstall the following programs:

  • Adobe Flash Player 17 ActiveX (outdated)
  • Java 8 Update 31 (outdated)

Fifth
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.
  • You can download this to a USB stick if needed and transfer to the ill computer's Desktop.
    (Note: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.)
  • Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog.txt

And tell me:

  • Whether or not you can boot to Normal Windows.
  • Which A/V program you decided to keep, and
  • How the system is running.

:)


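A check a helper might run after the Second and Fourth steps above, added here as an example and not part of DanoNH's post: it reads the Windows Uninstall registry keys and reports whether more than one anti-virus product, or any Java / Adobe Flash Player entry, is still installed. It assumes PowerShell 2.0 or later is present (not installed by default on Windows XP); the vendor-name patterns are assumptions, and the Wow6432Node key exists only on 64-bit Windows.

```powershell
# Added example, not from the original thread: list installed programs from the
# registry Uninstall keys and flag what this thread asks about: more than one
# anti-virus product (AVG and Comodo) and the Java / Adobe Flash Player entries.
# The name patterns are assumptions for matching; adjust them for your machine.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'   # 64-bit hosts only
)

$programs = @()
foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        if ($p.DisplayName) {
            $programs += New-Object PSObject -Property @{
                Name    = $p.DisplayName
                Version = $p.DisplayVersion
            }
        }
    }
}

# Anti-virus vendors named in the thread; two or more installed is the conflict described.
$avPatterns = @('AVG', 'COMODO')
$avFound = @($programs | Where-Object {
    $name = $_.Name
    @($avPatterns | Where-Object { $name -match $_ }).Count -gt 0
})
Write-Host "Anti-virus products installed: $($avFound.Count)"
foreach ($av in $avFound) { Write-Host "  $($av.Name) $($av.Version)" }
if ($avFound.Count -gt 1) {
    Write-Warning 'More than one anti-virus product is installed; keep only one.'
}

# Java and Flash: the thread lists Java 8 Update 31 and Flash Player 17 ActiveX as outdated.
$outdated = @($programs | Where-Object { $_.Name -match 'Java|Adobe Flash Player' })
if ($outdated.Count -eq 0) {
    Write-Host 'No Java or Adobe Flash Player entries found.'
} else {
    foreach ($o in $outdated) { Write-Host "Still installed, check version: $($o.Name) $($o.Version)" }
}
```

Run it from an elevated PowerShell prompt after the uninstalls; an empty Java/Flash list and a single anti-virus entry confirm both steps took effect.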

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
