FRST Scans with the two text files attached
Frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015 03
Ran by home (administrator) on ACER-D928810BF0 (22-08-2015 00:38:00)
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available Profiles: home & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\Wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ePower_DMC] => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888 2006-05-30] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27] (ATI Technologies Inc.)
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://ca.yahoo.com
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F9660150-E81B-42D0-850D-AF7A2B5B319A}: [DhcpNameServer] 192.168.1.254 75.153.176.9
FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxps://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Facebook Ads Block - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF Extension: Adblock Plus - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-22]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-04-27] () [File not signed]
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-04-27] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-04-27] (Cyberlink) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-02-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2009-04-11] (Oak Technology Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-05-10] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-05-24] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-05-24] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-05-24] (ENE Technology Inc.)
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208384 2006-06-12] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-06-12] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-06-20] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
R2 tvicport; C:\WINDOWS\system32\drivers\tvicport.sys [14544 2006-06-02] (EnTech Taiwan) [File not signed]
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2006-06-02] (Zeal SoftStudio) [File not signed]
S3 eapihdrv; \??\C:\DOCUME~1\home\LOCALS~1\Temp\ehdrv.sys [X]
S0 qieyd; System32\drivers\jvuygmhy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-22 00:38 - 2015-08-22 00:38 - 00011720 _____ C:\Documents and Settings\home\Desktop\FRST.txt
2015-08-22 00:37 - 2015-08-22 00:37 - 00000000 ____D C:\FRST
2015-08-22 00:35 - 2015-08-22 00:36 - 01677824 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2015-08-20 13:18 - 2015-08-20 13:18 - 00000079 _____ C:\WINDOWS\wininit.ini
2015-08-20 08:15 - 2015-08-20 08:15 - 00158778 _____ C:\Documents and Settings\home\My Documents\Auslogics Disk Defrag Report.htm
2015-08-19 18:24 - 2015-08-19 18:24 - 00000000 ____D C:\Program Files\ESET
2015-08-19 07:09 - 2015-08-19 07:09 - 00000282 _____ C:\Shortcut to Downloads.lnk
2015-08-19 00:15 - 2015-08-19 00:15 - 00000000 ____D C:\Favorites backup
2015-08-19 00:08 - 2015-08-19 00:08 - 00000000 ____D C:\Documents and Settings\home\My Documents\Recipes
2015-08-18 23:02 - 2015-08-18 23:03 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-18 23:00 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedBit
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2015-08-18 15:35 - 2015-08-18 15:35 - 00000000 ____D C:\Repair Info
2015-08-18 00:21 - 2015-08-18 00:21 - 00000000 ____D C:\UDownload
2015-08-18 00:20 - 2015-08-18 00:20 - 00000000 ____D C:\Documents and Settings\home\Application Data\uTorrent
2015-08-17 08:36 - 2015-08-17 08:36 - 00001726 _____ C:\AdwCleaner[C1].txt
2015-08-17 06:47 - 2015-08-17 06:49 - 00001518 _____ C:\AdwCleaner[S2].txt
2015-08-17 05:58 - 2015-08-17 05:59 - 00000510 _____ C:\AdwCleaner[S1].txt
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Program Files\CCleaner
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-14 03:13 - 2015-08-14 03:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-12 14:04 - 2015-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 13:52 - 2015-08-13 00:20 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 22:33 - 2015-08-09 22:33 - 00008192 ___SH C:\WINDOWS\Thumbs.db
2015-08-09 22:33 - 2015-08-09 22:33 - 00003072 ___SH C:\Thumbs.db
2015-08-09 21:51 - 2015-08-09 21:51 - 00005914 _____ C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
2015-08-09 14:05 - 2015-08-09 14:05 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-07 19:59 - 2015-08-09 22:33 - 00003584 _____ C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Program Files\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\home\Application Data\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
2015-08-07 19:30 - 2015-08-07 19:30 - 00000000 ____D C:\Documents and Settings\home\Application Data\AVG2015
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ___HD C:\$AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\MFAData
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-07 18:36 - 2015-08-09 22:15 - 00315928 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-07 18:23 - 2015-08-07 18:23 - 00005285 _____ C:\Documents and Settings\home\My Documents\fido conversation.txt
2015-08-07 18:05 - 2015-08-07 18:05 - 00000677 _____ C:\Documents and Settings\home\My Documents\New Fido.txt
2015-08-07 17:28 - 2015-08-07 17:29 - 01226962 _____ C:\Documents and Settings\home\My Documents\sys info.nfo
2015-08-07 16:16 - 2015-08-07 16:16 - 00000000 ____D C:\Documents and Settings\home\My Documents\Extracted Files
2015-08-07 15:44 - 2015-08-07 15:44 - 00070677 _____ C:\Documents and Settings\home\My Documents\overview windows.mht
2015-08-07 15:42 - 2015-08-07 15:42 - 00070677 _____ C:\Documents and Settings\home\My Documents\windows 7 update.mht
2015-08-07 15:39 - 2015-08-07 15:39 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\WINDOWS\Performance
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Corporation
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\home\Application Data\Foxit Software
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2015-08-07 15:30 - 2015-08-07 15:30 - 00000000 ____D C:\Program Files\Foxit Software
2015-08-07 15:06 - 2015-08-07 15:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-07 15:05 - 2015-08-07 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-08-07 12:18 - 2015-08-07 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-08-06 20:18 - 2015-08-06 20:18 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\AvgSetupLog
2015-08-06 18:13 - 2015-08-06 18:13 - 00023482 _____ C:\Documents and Settings\home\My Documents\duplicate.txt
2015-08-06 17:47 - 2015-08-06 17:47 - 00000696 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 17:47 - 2015-08-06 17:47 - 00000000 __SHD C:\Documents and Settings\Donna\IETldCache
2015-08-06 17:47 - 2008-04-13 16:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-08-06 17:46 - 2015-08-06 17:57 - 00000178 ___SH C:\Documents and Settings\Donna\ntuser.ini
2015-08-06 17:46 - 2015-08-06 17:47 - 00000711 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Internet Explorer.lnk
2015-08-06 17:46 - 2015-08-06 17:47 - 00000646 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Outlook Express.lnk
2015-08-06 17:46 - 2015-08-06 17:46 - 00000000 ____D C:\Documents and Settings\Donna
2015-08-06 17:46 - 2014-03-13 09:49 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\TuneUp Software
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 14:50 - 00034232 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:46 - 2006-06-20 13:50 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Acer Arcade
2015-08-06 17:46 - 2006-06-20 13:41 - 00000136 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:26 - 00001507 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Remote Assistance.lnk
2015-08-06 17:46 - 2006-06-20 13:24 - 00000000 ___RD C:\Documents and Settings\Donna\Start Menu\Programs\Accessories
2015-08-06 17:46 - 2006-06-20 13:18 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Temp
2015-08-06 15:06 - 2015-08-18 00:25 - 00013312 ___SH C:\Documents and Settings\home\My Documents\Thumbs.db
2015-08-06 15:01 - 2015-08-06 15:01 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg
2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-22 00:38 - 2014-01-21 12:33 - 01063374 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-22 00:34 - 2014-01-21 10:42 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job
2015-08-22 00:31 - 2006-06-20 15:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-22 00:30 - 2014-01-21 12:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-22 00:30 - 2006-06-20 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-22 00:28 - 2014-01-21 12:34 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-22 00:28 - 2014-01-21 12:34 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-22 00:28 - 2008-11-12 18:49 - 00000178 ___SH C:\Documents and Settings\home\ntuser.ini
2015-08-22 00:28 - 2006-06-20 14:07 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-08-19 00:07 - 2008-12-04 12:50 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-08-15 02:53 - 2014-01-22 09:59 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-15 02:53 - 2014-01-22 09:59 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-09 14:05 - 2006-06-20 13:51 - 00513338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 19:21 - 2009-04-05 16:37 - 00009904 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-07 15:05 - 2014-01-22 09:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-08-06 18:54 - 2014-01-27 16:13 - 00040480 _____ C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 18:52 - 2006-06-20 14:49 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 17:47 - 2006-06-20 14:50 - 00045184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:29 - 2014-01-21 12:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif
==================== Files in the root of some directories =======
2014-01-21 12:34 - 2014-01-21 12:34 - 0000127 _____ () C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
2015-08-07 19:59 - 2015-08-09 22:33 - 0003584 _____ () C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-09 21:51 - 2015-08-09 21:51 - 0005914 _____ () C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
Additions:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015 03
Ran by home (2015-08-22 00:38:53)
Running from C:\Documents and Settings\home\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3344879686-2638717043-3166630987-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3344879686-2638717043-3166630987-1003 - Limited - Enabled)
Guest (S-1-5-21-3344879686-2638717043-3166630987-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3344879686-2638717043-3166630987-1004 - Limited - Disabled)
home (S-1-5-21-3344879686-2638717043-3166630987-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\home
SUPPORT_388945a0 (S-1-5-21-3344879686-2638717043-3166630987-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acer Arcade (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: - )
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.03.2024 - Acer)
Acer ePerformance Management (HKLM\...\{7057702F-6D71-4F30-8000-9E72BC771887}) (Version: 2.00.2007 - Acer)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.00.2016a - )
Acer eSettings Management (HKLM\...\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}) (Version: 2.03.2017 - Acer)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.54 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Catalyst Control Center (HKLM\...\{79B05AF4-8894-49A1-9FF4-53F0142D85E1}) (Version: 1.2.2308.14812 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.251-060427a-034514C-Acer - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.1.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LightScribe 1.4.74.1 (Version: 1.4.74.1 - http://www.lightscribe.com)Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5273 - Realtek Semiconductor Corp.)
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
SMSC IrCC V5.1.3600.7 (HKLM\...\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}) (Version: r1.02 - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F) (Version: - )
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.19.0 - Synaptics)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
31-07-2015 07:39:02 Software Distribution Service 3.0
06-08-2015 14:43:03 Software Distribution Service 3.0
06-08-2015 15:33:52 Installed Content Manager
06-08-2015 16:50:25 Removed AVG 2014
06-08-2015 16:51:19 Removed AVG 2014
06-08-2015 16:51:36 Removed Content Manager
06-08-2015 17:14:01 Removed Adobe Reader 9.1.
06-08-2015 17:19:47 Removed Content Transfer.
06-08-2015 17:25:12 Removed Media Manager for WALKMAN 1.2
06-08-2015 17:29:46 Configured NTI Backup NOW! 4
06-08-2015 17:30:09 Configured NTI CD & DVD-Maker
06-08-2015 17:31:29 Removed QuickTime
06-08-2015 18:35:01 Removed HP Memories Disc
06-08-2015 18:35:16 Removed HP Photosmart Essential
06-08-2015 18:47:20 Removed Microsoft Streets and Trips 2005
06-08-2015 20:35:48 Installed AVG 2015
06-08-2015 20:36:03 Installed AVG 2015
06-08-2015 20:40:40 Installed AVG 2015
06-08-2015 20:40:48 Removed AVG 2015
07-08-2015 12:10:01 Software Distribution Service 3.0
07-08-2015 15:34:11 Printer Driver Foxit Reader PDF Printer Driver Installed
07-08-2015 15:39:12 Installed Windows 7 Upgrade Advisor
07-08-2015 19:16:33 Removed ATI Parental Control & Encoder
07-08-2015 19:16:47 Removed HP Update.
07-08-2015 19:17:30 Removed Apple Software Update
07-08-2015 19:17:55 Removed Microsoft .NET Framework 1.1
07-08-2015 19:23:30 Removed MSXML 4.0 SP2 (KB954430)
07-08-2015 19:28:52 Installed AVG 2015
07-08-2015 19:29:04 Installed AVG 2015
08-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 14:04:56 Installed Microsoft .NET Framework 1.1
09-08-2015 22:08:21 Installed WIDCOMM Bluetooth Software
09-08-2015 22:10:16 Unsigned driver install
09-08-2015 22:15:27 Removed WIDCOMM Bluetooth Software
09-08-2015 22:20:54 Removed Acer ePresentation Management
10-08-2015 22:47:03 System Checkpoint
12-08-2015 15:43:14 System Checkpoint
13-08-2015 19:10:57 System Checkpoint
14-08-2015 22:31:09 System Checkpoint
16-08-2015 15:11:33 System Checkpoint
17-08-2015 09:17:06 JRT Pre-Junkware Removal
18-08-2015 14:38:45 Restore Point Created by FRST
19-08-2015 19:19:04 System Checkpoint
20-08-2015 20:56:44 System Checkpoint
22-08-2015 00:12:03 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job => C:\WINDOWS\system32\msfeedssync.exe
==================== Loaded Modules (Whitelisted) ==============
2015-08-09 14:05 - 2015-08-09 14:05 - 03289088 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7511b2f2\mscorlib.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 01929216 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_103bcdb3\system.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00254050 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00192616 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
2004-08-04 05:00 - 2008-04-13 16:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 16:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00028672 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
2005-01-21 19:37 - 2005-01-21 19:37 - 00143360 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00114784 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00061538 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
2008-11-12 18:52 - 2005-10-11 13:18 - 00028672 _____ () C:\Acer\Empowering Technology\ePower\SysHook.dll
2005-10-19 10:17 - 2005-10-19 10:17 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
2008-11-12 18:52 - 2006-05-30 12:11 - 00421888 _____ () C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2015-08-09 14:05 - 2015-08-09 14:05 - 02994176 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4d92b817\system.windows.forms.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0469f7da\system.drawing.dll
2008-11-12 18:52 - 2005-10-20 17:20 - 00208896 _____ () C:\Acer\Empowering Technology\ePower\DialogDLL.dll
==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254 - 75.153.176.9
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk => C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: Acer ePresentation HPD => C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
MSCONFIG\startupreg: Boot => C:\Acer\Empowering Technology\ePower\Boot.exe
MSCONFIG\startupreg: ContentTransferWMDetector.exe => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ntiMUI => C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Acer\Acer Arcade\PCMService.exe] => Enabled:CyberLink PowerCinema Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\MSMSGS.EXE] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [D:\setup\HPZNET01.EXE] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [D:\setup\HPONICIFS01.EXE] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\HPQTRA08.EXE] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\DAP\DAP.exe] => Enabled:Download Accelerator Plus (DAP)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
==================== Faulty Device Manager Devices =============
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/22/2015 12:30:24 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/21/2015 12:28:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/20/2015 01:38:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/20/2015 01:20:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/20/2015 08:18:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/20/2015 06:37:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/19/2015 09:08:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/19/2015 03:49:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/19/2015 03:17:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
Error: (08/19/2015 05:10:05 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.
System errors:
=============
Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (08/20/2015 06:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (08/20/2015 06:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (08/19/2015 09:10:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (08/19/2015 09:10:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (08/19/2015 03:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (08/19/2015 03:51:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Microsoft Office:
=========================
Error: (08/22/2015 12:30:24 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/21/2015 12:28:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/20/2015 01:38:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/20/2015 01:20:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/20/2015 08:18:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/20/2015 06:37:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/19/2015 09:08:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/19/2015 03:49:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/19/2015 03:17:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (08/19/2015 05:10:05 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
==================== Memory info ===========================
Processor: AMD Turion 64 Mobile Technology MK-38
Percentage of memory in use: 25%
Total physical RAM: 1790.1 MB
Available physical RAM: 1339.27 MB
Total Virtual: 3427.15 MB
Available Virtual: 2974.61 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:93.13 GB) (Free:75.67 GB) FAT32 ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=93.2 GB) - (Type=0C)
==================== End of log ============================