I have run Malwarebytes and have Avast virus protection. I actually bought another computer because I just couldn't deal with this one anymore. But now I need this computer and feel it must have some type of rootkit. Any help would be much appreciated.
Here is the scan done by FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by Administrator (administrator) on CL-6B338E5B2BC0 (05-08-2015 19:37:56)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: UpdatusUser & Administrator (Available Profiles: UpdatusUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avid Technology, Inc.) C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
HKLM\...\Run: [StorageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\WINDOWS\system32\M-AudioTaskBarIcon.exe [644104 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-06-22] (Intel Corporation)
HKU\S-1-5-21-725345543-1229272821-839522115-500\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-05-06] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-06-20] (Google)
CHR HKU\S-1-5-21-725345543-1229272821-839522115-500\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
URLSearchHook: [S-1-5-21-725345543-1229272821-839522115-1005] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-08] (Sun Microsystems, Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-06] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-08] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-08-08] (Sun Microsystems, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B952C3B0-2E27-4437-BA3F-613CBCEB2D1F}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vnfrwbf1.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-05] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_32 -> C:\WINDOWS\system32\npdeployJava1.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-08-08] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Extension: Search.com Bar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vnfrwbf1.default\Extensions\{9f85f783-362b-4373-afb4-4999ef33aa35} [2012-04-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-08-08]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vnfrwbf1.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vnfrwbf1.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Pin It) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aeocpmaimgdkdkkhnilgfoicilnefefh [2013-11-20]
CHR Extension: (File Converter) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk [2014-08-10]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-19]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2013-11-19]
CHR Extension: (AdBlock) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-03]
CHR Extension: (Pin It Button) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-12-01]
CHR Extension: (Lunapic Photo Editor) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2013-11-19]
CHR Extension: (Clearly) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2013-11-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-04]
CHR Extension: (Quick Note) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Amopic) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmnefpehffecmjnhhncoacgdcecnckac [2014-02-09]
CHR Extension: (PhotoFunia) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\obnehienhdpajabikpikmifcdmnddjol [2013-11-19]
CHR Extension: (Evernote Web Clipper) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-11-19]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-06]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-06] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-08-08] (Sun Microsystems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-06] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-06] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-08-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-06] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [777488 2014-08-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411680 2014-08-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-06] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-06] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-05] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\DRIVERS\PxHelp20.sys [17168 2003-07-30] (Sonic Solutions) [File not signed]
S3 RT2500; C:\WINDOWS\System32\DRIVERS\RT2500.sys [242176 2005-04-21] (Ralink Technology Inc.) [File not signed]
R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [987904 2011-02-11] (Realtek Semiconductor Corporation )
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-05 19:37 - 2015-08-05 19:38 - 00017708 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2015-08-05 19:37 - 2015-08-05 19:38 - 00000000 ____D C:\FRST
2015-08-05 19:33 - 2015-08-05 19:33 - 01673728 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2015-08-05 12:03 - 2015-08-05 12:04 - 00044473 _____ C:\WINDOWS\iis6.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00017934 _____ C:\WINDOWS\ocgen.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00011018 _____ C:\WINDOWS\FaxSetup.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00009052 _____ C:\WINDOWS\msmqinst.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00008140 _____ C:\WINDOWS\tsoc.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00005855 _____ C:\WINDOWS\comsetup.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00005341 _____ C:\WINDOWS\ntdtcsetup.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00004507 _____ C:\WINDOWS\imsins.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00002161 _____ C:\WINDOWS\netfxocm.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00001207 _____ C:\WINDOWS\MedCtrOC.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00000885 _____ C:\WINDOWS\ocmsn.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00000877 _____ C:\WINDOWS\msgsocm.log
2015-08-05 12:03 - 2015-08-05 12:04 - 00000311 _____ C:\WINDOWS\tabletoc.log
2015-08-05 12:03 - 2015-08-05 12:03 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-05 12:03 - 2015-08-05 12:03 - 00000000 _____ C:\WINDOWS\setupact.log
2015-08-04 19:43 - 2015-08-05 12:04 - 00021895 _____ C:\WINDOWS\setupapi.log
2015-08-04 17:43 - 2015-08-04 17:43 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\2A3B6631.sys
2015-08-04 17:39 - 2015-08-05 12:06 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-04 17:39 - 2015-08-05 12:06 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-04 17:39 - 2015-08-04 17:39 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-08-04 17:37 - 2015-08-05 18:27 - 00032618 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-04 17:35 - 2015-08-05 15:28 - 00108090 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-04 16:29 - 2015-08-05 16:34 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0cef4520f2c14.job
2015-08-04 16:29 - 2015-08-04 16:30 - 00000000 ____D C:\Program Files\GUM1C.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-05 19:38 - 2012-02-19 16:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-08-05 19:37 - 2012-08-08 07:32 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-05 19:28 - 2012-10-24 17:29 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 17:18 - 2014-08-10 12:58 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-05 16:34 - 2012-10-24 17:29 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 13:40 - 2012-08-08 07:32 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-05 13:40 - 2012-02-20 13:56 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-05 12:11 - 2014-05-06 21:33 - 00000378 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-05 12:06 - 2004-08-04 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-05 12:05 - 2014-03-29 14:40 - 00000238 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-08-05 12:05 - 2013-04-28 09:21 - 00000000 ____D C:\Program Files\MarkAny
2015-08-05 12:05 - 2012-02-19 16:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-05 12:04 - 2012-02-19 16:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-08-05 12:04 - 2012-02-19 16:15 - 00000000 ____D C:\Program Files\Windows NT
2015-08-05 12:04 - 2012-02-19 11:05 - 00646260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-05 12:04 - 2012-02-19 10:59 - 00000000 ____D C:\WINDOWS\Help
2015-08-05 12:04 - 2012-02-19 10:59 - 00000000 ____D C:\WINDOWS\Cursors
2015-08-05 12:03 - 2012-02-19 16:16 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2015-08-05 12:03 - 2012-02-19 16:14 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-08-05 12:03 - 2012-02-19 10:59 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-05 12:01 - 2013-04-28 09:10 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Samsung
2015-08-05 12:01 - 2013-04-28 09:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Samsung
2015-08-05 12:01 - 2012-05-31 14:01 - 00000000 ____D C:\Program Files\Samsung
2015-08-05 11:59 - 2012-05-31 14:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Samsung
2015-08-05 11:59 - 2012-02-20 10:39 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-05 11:53 - 2012-05-02 11:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-08-05 11:48 - 2013-04-01 14:45 - 00000000 ____D C:\Program Files\Common Files\Intuit
2015-08-05 11:41 - 2012-04-02 13:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\MP3Rocket
2015-08-05 11:41 - 2012-02-20 11:13 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-08-05 11:27 - 2012-02-20 13:31 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-05 11:27 - 2012-02-19 11:05 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-05 11:25 - 2012-06-28 19:36 - 00000000 ____D C:\Program Files\Amazon
2015-08-05 11:25 - 2012-06-28 19:36 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\Amazon
2015-08-05 11:15 - 2012-02-19 16:22 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-08-04 23:24 - 2013-07-22 03:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-04 21:30 - 2012-10-24 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-08-04 19:50 - 2012-02-19 10:59 - 00000000 ____D C:\WINDOWS\msagent
2015-08-04 17:37 - 2012-11-18 21:51 - 00001813 _____ C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2015-08-04 17:35 - 2012-02-19 16:23 - 00000000 ____D C:\Documents and Settings\Administrator
2015-08-04 16:28 - 2014-08-10 12:51 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-04 16:28 - 2014-08-10 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-04 16:28 - 2014-08-10 12:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-04 15:28 - 2014-03-29 14:40 - 00000232 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-08-04 12:09 - 2012-03-16 15:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
==================== Files in the root of some directories =======
2014-08-10 11:57 - 2014-08-10 11:57 - 6010880 _____ () C:\Program Files\GUT1F.tmp
2012-05-31 14:02 - 2012-05-31 14:02 - 0002528 _____ () C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
2012-04-21 21:04 - 2013-07-28 12:23 - 0013824 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Here is the Addition.txt:
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
Broadcom Management Programs (HKLM\...\InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}) (Version: 4.01.0000 - Broadcom)
Broadcom Management Programs (Version: 4.01.0000 - Broadcom) Hidden
Canon iP1800 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.23 - Piriform)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version: - )
Dropbox (HKU\S-1-5-21-725345543-1229272821-839522115-500\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
FormatFactory 2.96 (HKLM\...\FormatFactory) (Version: 2.96 - Free Time)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Drive (HKLM\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
iTunes (HKLM\...\{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}) (Version: 10.6.0.40 - Apple Inc.)
Java 6 Update 32 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
M-Audio FastTrack Driver 6.0.6 (x86) (HKLM\...\{96472D82-0239-11E0-9776-199EDFD72085}) (Version: 6.0.6 - M-Audio)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-725345543-1229272821-839522115-500\...\MyFreeCodec) (Version: - )
Nero 7 Ultra Edition (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21033}) (Version: 7.03.1357 - Nero AG)
NVIDIA nView 136.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.18 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
Origin (HKLM\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.05.0000 - Jasc Software Inc)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions)
Sony Super Duper Music Looper 2.0 (HKLM\...\{9DECE42F-ABBD-4832-8735-D77F6032EF6E}) (Version: 2.0.63 - Sony)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spotify (HKU\S-1-5-21-725345543-1229272821-839522115-500\...\Spotify) (Version: 0.9.1.53.g876fa9df - Spotify AB)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VideoFileDownload (HKLM\...\vfd-adk) (Version: 1.0 - VideoFileDownload)
Vuze Remote Toolbar v9.1 (HKLM\...\{5C265DA2-F845-471E-A4FD-8F8D890F618F}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\WINDOWS\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\psu (the data entry has 15 more characters).
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-725345543-1229272821-839522115-500_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\psu (the data entry has 15 more characters).
==================== Restore Points =========================
05-08-2015 11:43:17 Removed Compatibility Pack for the 2007 Office system
05-08-2015 11:52:46 Removed Skype Click to Call
05-08-2015 11:53:27 Removed Skype™ 6.11
05-08-2015 11:56:34 Removed Samsung Kies
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 08:00 - 2004-08-04 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0cef4520f2c14.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-05 16:07 - 2015-08-05 16:07 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080502\algo.dll
2014-05-06 21:30 - 2014-05-06 21:30 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-725345543-1229272821-839522115-1005\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-725345543-1229272821-839522115-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: chromium => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe --no-startup-window
MSCONFIG\startupreg: EA Core => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sonic RecordNow! =>
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Administrator\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe] => Disabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Java\jre6\bin\javaw.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Disabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe] => Disabled:Daemonu.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Vuze\Azureus.exe] => Enabled:Azureus / Vuze
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\muzapp.exe] => Enabled:MUZ AOD APP player
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/05/2015 07:36:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 44.0.2403.130, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/05/2015 12:00:09 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/05/2015 12:00:08 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/05/2015 11:11:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/05/2015 11:11:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/04/2015 05:44:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/04/2015 05:44:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/10/2014 12:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avastui.exe, version 9.0.2018.397, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (08/10/2014 12:07:29 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost (1212) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).
Error: (08/10/2014 12:07:25 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost (1212) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ". The delete file operation will fail with error -1022 (0xfffffc02).
System errors:
=============
Error: (08/05/2015 12:06:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (08/05/2015 11:43:13 AM) (Source: 0) (EventID: 1) (User: )
Description: 0xC000000Echange.logHarddiskVolume4
Error: (08/05/2015 11:17:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053
Error: (08/05/2015 11:17:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the MBAMScheduler service to connect.
Error: (08/05/2015 11:15:56 AM) (Source: Microsoft Antimalware) (EventID: 2042) (User: )
Description: %%8604.5.0216.0
Error: (08/05/2015 11:15:54 AM) (Source: Microsoft Antimalware) (EventID: 2042) (User: )
Description: %%8604.5.0216.0
Error: (08/05/2015 11:10:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s).
Error: (08/05/2015 11:10:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (08/05/2015 07:43:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
Error: (08/05/2015 07:41:31 AM) (Source: Microsoft Antimalware) (EventID: 2042) (User: )
Description: %%8604.5.0216.0
Microsoft Office:
=========================
Error: (08/05/2015 07:36:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe44.0.2403.130hungapp0.0.0.000000000
Error: (08/05/2015 12:00:09 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/05/2015 12:00:08 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/05/2015 11:11:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
Error: (08/05/2015 11:11:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000
Error: (08/04/2015 05:44:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/04/2015 05:44:44 PM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabArequired certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
Error: (08/10/2014 12:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avastui.exe9.0.2018.397hungapp0.0.0.000000000
Error: (08/10/2014 12:07:29 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost1212C:\WINDOWS\system32\CatRoot2\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
Error: (08/10/2014 12:07:25 PM) (Source: ESENT) (EventID: 485) (User: )
Description: svchost1212C:\WINDOWS\system32\CatRoot2\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
==================== Memory info ===========================
Processor: Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 1022 MB
Available physical RAM: 550.11 MB
Total Virtual: 1426.66 MB
Available Virtual: 847.94 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:71.06 GB) (Free:38.76 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3.4 GB) - (Type=DB)
==================== End of log ============================