
couple issues


  • This topic is locked

#16
dolface755

    Member

  • Topic Starter
  • 212 posts

Ok, I'm on my way to the hospital shortly so unless there's something I need to watch while this scan is running, I'll just let it run while I'm there then post the results to you.

Again, thank you so much for the help. I don't know where my Mother took her computer courses, or for that matter in what century, but all of her machines are a mess.


  • 0



#17
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
OK.

That's fine. This computer actually does not look bad, other than being a 13 year old operating system and unsupported now too.
  • 0

#18
dolface755

    Member

  • Topic Starter
  • 212 posts

Yes, I was hoping to add another 2 gig of RAM because unless I'm reading the information wrong I should be able to put Windows 7 on here... I downloaded that program from Microsoft that tells you if it's compatible. Just some of the newer stuff is a little confusing to me. I've just been rebuilding and adding onto the computer I built in '97 for my b/f and finally broke down and got him a new one last year.... I hate throwing things away lololol

After I do the final scan for you, could I possibly send you the file that Microsoft sent me about Windows 7 or is that another department?


  • 0

#19
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts

could I possibly send you the file that microsoft sent me about windows 7


Yes you may send the file that Microsoft sent you.
  • 0

#20
dolface755

    Member

  • Topic Starter
  • 212 posts

I ran the ESET scan and will post the log. I think I messed up on the settings though I'm not quite sure.

It only found 2 things: 1 was Malwarebytes and the other was CCleaner.

Here's the log. Please let me know if I messed up somehow and I'll re-run the scan. In the settings I didn't find anything Anti-stealth technology or anything.

C:\Documents and Settings\Administrator\Desktop\CCleaner\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Downloads\ccsetup508.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 

 

Thank you for having so much patience with me


  • 0

#21
dolface755

    Member

  • Topic Starter
  • 212 posts

Because I was unsure if I missed some of the settings you had requested me to click on during the ESET scan, I re-ran the scan and am including the second scan results with this information.

Thank you so much

 

 

C:\Documents and Settings\Administrator\Desktop\CCleaner\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP195\A0045085.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP195\A0045086.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Downloads\ccsetup508.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application

 

 

 

P.S. Just for your information, when I finished the scan the second time around I got a pop-up ad come up on my computer asking me to complete a survey for Telus Communications, which also included my IPS address and a promise of $75 in rewards to complete. Being the untrusting soul I am, I immediately phoned Telus and asked them about it, and they concluded through their research that this was a pop-up ad and an attempt to get my personal information.

I just thought I'd let you know
 


Edited by dolface755, 20 August 2015 - 03:07 AM.

  • 0

#22
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Strange ad / pop-up indeed, so:

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#23
dolface755

    Member

  • Topic Starter
  • 212 posts

FRST scans with the two text files attached

 

Frst:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015 03
Ran by home (administrator) on ACER-D928810BF0 (22-08-2015 00:38:00)
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available Profiles: home & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\Wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ePower_DMC] => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888 2006-05-30] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27] (ATI Technologies Inc.)
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://ca.yahoo.com
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F9660150-E81B-42D0-850D-AF7A2B5B319A}: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxps://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Facebook Ads Block - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF Extension: Adblock Plus - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-04-27] () [File not signed]
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-04-27] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-04-27] (Cyberlink) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-02-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2009-04-11] (Oak Technology Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-05-10] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-05-24] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-05-24] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-05-24] (ENE Technology Inc.)
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208384 2006-06-12] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-06-12] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-06-20] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
R2 tvicport; C:\WINDOWS\system32\drivers\tvicport.sys [14544 2006-06-02] (EnTech Taiwan) [File not signed]
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2006-06-02] (Zeal SoftStudio) [File not signed]
S3 eapihdrv; \??\C:\DOCUME~1\home\LOCALS~1\Temp\ehdrv.sys [X]
S0 qieyd; System32\drivers\jvuygmhy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 00:38 - 2015-08-22 00:38 - 00011720 _____ C:\Documents and Settings\home\Desktop\FRST.txt
2015-08-22 00:37 - 2015-08-22 00:37 - 00000000 ____D C:\FRST
2015-08-22 00:35 - 2015-08-22 00:36 - 01677824 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2015-08-20 13:18 - 2015-08-20 13:18 - 00000079 _____ C:\WINDOWS\wininit.ini
2015-08-20 08:15 - 2015-08-20 08:15 - 00158778 _____ C:\Documents and Settings\home\My Documents\Auslogics Disk Defrag Report.htm
2015-08-19 18:24 - 2015-08-19 18:24 - 00000000 ____D C:\Program Files\ESET
2015-08-19 07:09 - 2015-08-19 07:09 - 00000282 _____ C:\Shortcut to Downloads.lnk
2015-08-19 00:15 - 2015-08-19 00:15 - 00000000 ____D C:\Favorites backup
2015-08-19 00:08 - 2015-08-19 00:08 - 00000000 ____D C:\Documents and Settings\home\My Documents\Recipes
2015-08-18 23:02 - 2015-08-18 23:03 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-18 23:00 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedBit
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2015-08-18 15:35 - 2015-08-18 15:35 - 00000000 ____D C:\Repair Info
2015-08-18 00:21 - 2015-08-18 00:21 - 00000000 ____D C:\UDownload
2015-08-18 00:20 - 2015-08-18 00:20 - 00000000 ____D C:\Documents and Settings\home\Application Data\uTorrent
2015-08-17 08:36 - 2015-08-17 08:36 - 00001726 _____ C:\AdwCleaner[C1].txt
2015-08-17 06:47 - 2015-08-17 06:49 - 00001518 _____ C:\AdwCleaner[S2].txt
2015-08-17 05:58 - 2015-08-17 05:59 - 00000510 _____ C:\AdwCleaner[S1].txt
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Program Files\CCleaner
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-14 03:13 - 2015-08-14 03:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-12 14:04 - 2015-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 13:52 - 2015-08-13 00:20 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 22:33 - 2015-08-09 22:33 - 00008192 ___SH C:\WINDOWS\Thumbs.db
2015-08-09 22:33 - 2015-08-09 22:33 - 00003072 ___SH C:\Thumbs.db
2015-08-09 21:51 - 2015-08-09 21:51 - 00005914 _____ C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
2015-08-09 14:05 - 2015-08-09 14:05 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-07 19:59 - 2015-08-09 22:33 - 00003584 _____ C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Program Files\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\home\Application Data\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
2015-08-07 19:30 - 2015-08-07 19:30 - 00000000 ____D C:\Documents and Settings\home\Application Data\AVG2015
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ___HD C:\$AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\MFAData
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-07 18:36 - 2015-08-09 22:15 - 00315928 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-07 18:23 - 2015-08-07 18:23 - 00005285 _____ C:\Documents and Settings\home\My Documents\fido conversation.txt
2015-08-07 18:05 - 2015-08-07 18:05 - 00000677 _____ C:\Documents and Settings\home\My Documents\New Fido.txt
2015-08-07 17:28 - 2015-08-07 17:29 - 01226962 _____ C:\Documents and Settings\home\My Documents\sys info.nfo
2015-08-07 16:16 - 2015-08-07 16:16 - 00000000 ____D C:\Documents and Settings\home\My Documents\Extracted Files
2015-08-07 15:44 - 2015-08-07 15:44 - 00070677 _____ C:\Documents and Settings\home\My Documents\overview windows.mht
2015-08-07 15:42 - 2015-08-07 15:42 - 00070677 _____ C:\Documents and Settings\home\My Documents\windows 7 update.mht
2015-08-07 15:39 - 2015-08-07 15:39 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\WINDOWS\Performance
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Corporation
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\home\Application Data\Foxit Software
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2015-08-07 15:30 - 2015-08-07 15:30 - 00000000 ____D C:\Program Files\Foxit Software
2015-08-07 15:06 - 2015-08-07 15:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-07 15:05 - 2015-08-07 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-08-07 12:18 - 2015-08-07 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-08-06 20:18 - 2015-08-06 20:18 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\AvgSetupLog
2015-08-06 18:13 - 2015-08-06 18:13 - 00023482 _____ C:\Documents and Settings\home\My Documents\duplicate.txt
2015-08-06 17:47 - 2015-08-06 17:47 - 00000696 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 17:47 - 2015-08-06 17:47 - 00000000 __SHD C:\Documents and Settings\Donna\IETldCache
2015-08-06 17:47 - 2008-04-13 16:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-08-06 17:46 - 2015-08-06 17:57 - 00000178 ___SH C:\Documents and Settings\Donna\ntuser.ini
2015-08-06 17:46 - 2015-08-06 17:47 - 00000711 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Internet Explorer.lnk
2015-08-06 17:46 - 2015-08-06 17:47 - 00000646 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Outlook Express.lnk
2015-08-06 17:46 - 2015-08-06 17:46 - 00000000 ____D C:\Documents and Settings\Donna
2015-08-06 17:46 - 2014-03-13 09:49 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\TuneUp Software
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 14:50 - 00034232 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:46 - 2006-06-20 13:50 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Acer Arcade
2015-08-06 17:46 - 2006-06-20 13:41 - 00000136 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:26 - 00001507 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Remote Assistance.lnk
2015-08-06 17:46 - 2006-06-20 13:24 - 00000000 ___RD C:\Documents and Settings\Donna\Start Menu\Programs\Accessories
2015-08-06 17:46 - 2006-06-20 13:18 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Temp
2015-08-06 15:06 - 2015-08-18 00:25 - 00013312 ___SH C:\Documents and Settings\home\My Documents\Thumbs.db
2015-08-06 15:01 - 2015-08-06 15:01 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg
2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 00:38 - 2014-01-21 12:33 - 01063374 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-22 00:34 - 2014-01-21 10:42 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job
2015-08-22 00:31 - 2006-06-20 15:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-22 00:30 - 2014-01-21 12:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-22 00:30 - 2006-06-20 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-22 00:28 - 2014-01-21 12:34 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-22 00:28 - 2014-01-21 12:34 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-22 00:28 - 2008-11-12 18:49 - 00000178 ___SH C:\Documents and Settings\home\ntuser.ini
2015-08-22 00:28 - 2006-06-20 14:07 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-08-19 00:07 - 2008-12-04 12:50 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-08-15 02:53 - 2014-01-22 09:59 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-15 02:53 - 2014-01-22 09:59 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-09 14:05 - 2006-06-20 13:51 - 00513338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 19:21 - 2009-04-05 16:37 - 00009904 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-07 15:05 - 2014-01-22 09:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-08-06 18:54 - 2014-01-27 16:13 - 00040480 _____ C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 18:52 - 2006-06-20 14:49 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 17:47 - 2006-06-20 14:50 - 00045184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:29 - 2014-01-21 12:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif

==================== Files in the root of some directories =======

2014-01-21 12:34 - 2014-01-21 12:34 - 0000127 _____ () C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
2015-08-07 19:59 - 2015-08-09 22:33 - 0003584 _____ () C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-09 21:51 - 2015-08-09 21:51 - 0005914 _____ () C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

 

 

Additions:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2015 03
Ran by home (2015-08-22 00:38:53)
Running from C:\Documents and Settings\home\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3344879686-2638717043-3166630987-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-3344879686-2638717043-3166630987-1003 - Limited - Enabled)
Guest (S-1-5-21-3344879686-2638717043-3166630987-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-3344879686-2638717043-3166630987-1004 - Limited - Disabled)
home (S-1-5-21-3344879686-2638717043-3166630987-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\home
SUPPORT_388945a0 (S-1-5-21-3344879686-2638717043-3166630987-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.03.2024 - Acer)
Acer ePerformance Management (HKLM\...\{7057702F-6D71-4F30-8000-9E72BC771887}) (Version: 2.00.2007 - Acer)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.00.2016a - )
Acer eSettings Management (HKLM\...\{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}) (Version: 2.03.2017 - Acer)
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.54 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1014 - )
ATI Catalyst Control Center (HKLM\...\{79B05AF4-8894-49A1-9FF4-53F0142D85E1}) (Version: 1.2.2308.14812 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.251-060427a-034514C-Acer - )
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.0.1.0 - Auslogics Labs Pty Ltd)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6125 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6125 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
HPPhotoSmartExpress (Version: 70.0.170.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
InstantShareDevicesMFC (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
LightScribe  1.4.74.1 (Version: 1.4.74.1 - http://www.lightscribe.com)Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PanoStandAlone (Version: 70.0.170.000 - Hewlett-Packard) Hidden
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5273 - Realtek Semiconductor Corp.)
ScannerCopy (Version: 7.0.0.0 - Hewlett-Packard) Hidden
SMSC IrCC V5.1.3600.7 (HKLM\...\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}) (Version: r1.02 - )
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2BFA&SUBSYS_1025009F) (Version:  - )
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 8.2.19.0 - Synaptics)
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Unload (Version: 7.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-07-2015 07:39:02 Software Distribution Service 3.0
06-08-2015 14:43:03 Software Distribution Service 3.0
06-08-2015 15:33:52 Installed Content Manager
06-08-2015 16:50:25 Removed AVG 2014
06-08-2015 16:51:19 Removed AVG 2014
06-08-2015 16:51:36 Removed Content Manager
06-08-2015 17:14:01 Removed Adobe Reader 9.1.
06-08-2015 17:19:47 Removed Content Transfer.
06-08-2015 17:25:12 Removed Media Manager for WALKMAN 1.2
06-08-2015 17:29:46 Configured NTI Backup NOW! 4
06-08-2015 17:30:09 Configured NTI CD & DVD-Maker
06-08-2015 17:31:29 Removed QuickTime
06-08-2015 18:35:01 Removed HP Memories Disc
06-08-2015 18:35:16 Removed HP Photosmart Essential
06-08-2015 18:47:20 Removed Microsoft Streets and Trips 2005
06-08-2015 20:35:48 Installed AVG 2015
06-08-2015 20:36:03 Installed AVG 2015
06-08-2015 20:40:40 Installed AVG 2015
06-08-2015 20:40:48 Removed AVG 2015
07-08-2015 12:10:01 Software Distribution Service 3.0
07-08-2015 15:34:11 Printer Driver Foxit Reader PDF Printer Driver Installed
07-08-2015 15:39:12 Installed Windows 7 Upgrade Advisor
07-08-2015 19:16:33 Removed ATI Parental Control & Encoder
07-08-2015 19:16:47 Removed HP Update.
07-08-2015 19:17:30 Removed Apple Software Update
07-08-2015 19:17:55 Removed Microsoft .NET Framework 1.1
07-08-2015 19:23:30 Removed MSXML 4.0 SP2 (KB954430)
07-08-2015 19:28:52 Installed AVG 2015
07-08-2015 19:29:04 Installed AVG 2015
08-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 03:00:16 Software Distribution Service 3.0
09-08-2015 14:04:56 Installed Microsoft .NET Framework 1.1
09-08-2015 22:08:21 Installed WIDCOMM Bluetooth Software
09-08-2015 22:10:16 Unsigned driver install
09-08-2015 22:15:27 Removed WIDCOMM Bluetooth Software
09-08-2015 22:20:54 Removed Acer ePresentation Management
10-08-2015 22:47:03 System Checkpoint
12-08-2015 15:43:14 System Checkpoint
13-08-2015 19:10:57 System Checkpoint
14-08-2015 22:31:09 System Checkpoint
16-08-2015 15:11:33 System Checkpoint
17-08-2015 09:17:06 JRT Pre-Junkware Removal
18-08-2015 14:38:45 Restore Point Created by FRST
19-08-2015 19:19:04 System Checkpoint
20-08-2015 20:56:44 System Checkpoint
22-08-2015 00:12:03 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-09 14:05 - 2015-08-09 14:05 - 03289088 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7511b2f2\mscorlib.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 01929216 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_103bcdb3\system.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00254050 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00192616 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
2004-08-04 05:00 - 2008-04-13 16:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 05:00 - 2008-04-13 16:12 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-04-27 12:10 - 2006-04-27 12:10 - 00028672 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
2005-01-21 19:37 - 2005-01-21 19:37 - 00143360 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00114784 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2006-04-27 12:10 - 2006-04-27 12:10 - 00061538 ____N () C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
2008-11-12 18:52 - 2005-10-11 13:18 - 00028672 _____ () C:\Acer\Empowering Technology\ePower\SysHook.dll
2005-10-19 10:17 - 2005-10-19 10:17 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll
2008-11-12 18:52 - 2006-05-30 12:11 - 00421888 _____ () C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2015-08-09 14:05 - 2015-08-09 14:05 - 02994176 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_4d92b817\system.windows.forms.dll
2015-08-09 14:05 - 2015-08-09 14:05 - 00835584 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_0469f7da\system.drawing.dll
2008-11-12 18:52 - 2005-10-20 17:20 - 00208896 _____ () C:\Acer\Empowering Technology\ePower\DialogDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\home\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254 - 75.153.176.9
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer Empowering Technology.lnk => C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk => C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupreg: Acer ePresentation HPD => C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
MSCONFIG\startupreg: ATICCC => "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
MSCONFIG\startupreg: AzMixerSel => C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
MSCONFIG\startupreg: Boot => C:\Acer\Empowering Technology\ePower\Boot.exe
MSCONFIG\startupreg: ContentTransferWMDetector.exe => C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: ntiMUI => C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Acer\Acer Arcade\PCMService.exe] => Enabled:CyberLink PowerCinema Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\MSMSGS.EXE] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [D:\setup\HPZNET01.EXE] => Enabled:hpznet01.exe
StandardProfile\AuthorizedApplications: [D:\setup\HPONICIFS01.EXE] => Enabled:hponicifs01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\HPQTRA08.EXE] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqCopy.exe] => Enabled:hpqcopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpfccopy.exe] => Enabled:hpfccopy.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe] => Enabled:hpqphunl.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqDIA.exe] => Enabled:hpqdia.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Hewlett-Packard\Digital Imaging\BIN\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\DAP\DAP.exe] => Enabled:Download Accelerator Plus (DAP)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8139/810x Family Fast Ethernet NIC
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2015 12:30:24 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/21/2015 12:28:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/20/2015 01:38:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/20/2015 01:20:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/20/2015 08:18:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/20/2015 06:37:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/19/2015 09:08:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/19/2015 03:49:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/19/2015 03:17:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (08/19/2015 05:10:05 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.


System errors:
=============
Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (08/20/2015 08:19:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (08/20/2015 06:38:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/20/2015 06:38:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/19/2015 09:10:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/19/2015 09:10:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/19/2015 03:51:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/19/2015 03:51:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.


Microsoft Office:
=========================
Error: (08/22/2015 12:30:24 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/21/2015 12:28:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/20/2015 01:38:49 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/20/2015 01:20:29 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/20/2015 08:18:28 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/20/2015 06:37:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/19/2015 09:08:59 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/19/2015 03:49:55 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/19/2015 03:17:41 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (08/19/2015 05:10:05 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


==================== Memory info ===========================

Processor: AMD Turion™ 64 Mobile Technology MK-38
Percentage of memory in use: 25%
Total physical RAM: 1790.1 MB
Available physical RAM: 1339.27 MB
Total Virtual: 3427.15 MB
Available Virtual: 2974.61 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:93.13 GB) (Free:75.67 GB) FAT32 ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 93.2 GB) (Disk ID: 5EA4F703)
Partition 1: (Active) - (Size=93.2 GB) - (Type=0C)

==================== End of log ============================


  • 0

#24
zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

Run this and let me know if we still have the pop-up you referred to. I'm not seeing much here.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
S3 eapihdrv; \??\C:\DOCUME~1\home\LOCALS~1\Temp\ehdrv.sys [X]
S0 qieyd; System32\drivers\jvuygmhy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:

Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
  • 0

#25
dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

New Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2015 03
Ran by home (administrator) on ACER-D928810BF0 (22-08-2015 00:38:00)
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available Profiles: home & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\System32\HPZipm12.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
() C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\System32\Wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\System32\wscntfy.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ePower_DMC] => C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [421888 2006-05-30] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3780520 2015-07-31] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27] (ATI Technologies Inc.)
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://ca.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://ca.yahoo.com
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-3344879686-2638717043-3166630987-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-08-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-07] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.9
Tcpip\..\Interfaces\{F9660150-E81B-42D0-850D-AF7A2B5B319A}: [DhcpNameServer] 192.168.1.254 75.153.176.9

FireFox:
========
FF ProfilePath: C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default
FF DefaultSearchEngine: Yahoo
FF Homepage: hxxps://ca.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Extension: Facebook Ads Block - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF Extension: Adblock Plus - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\home\Application Data\Mozilla\Firefox\Profiles\xw8srnc8.default\Extensions\[email protected] [2015-08-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-11-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2006-03-29] (Acer Inc.) [File not signed]
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3633576 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-07-31] (AVG Technologies CZ, s.r.o.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-04-27] () [File not signed]
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-04-27] () [File not signed]
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-04-27] (Cyberlink) [File not signed]
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2006-02-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [73728 2007-08-09] (HP) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-04] (Microsoft Corporation)
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2009-04-11] (Oak Technology Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-05-10] (Advanced Micro Devices)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [238000 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [186800 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
R3 EMSCR; C:\WINDOWS\System32\DRIVERS\EMS7SK.sys [61056 2006-05-24] (ENE Technology Inc.)
R3 ESDCR; C:\WINDOWS\System32\DRIVERS\ESD7SK.sys [40064 2006-05-24] (ENE Technology Inc.)
R3 ESMCR; C:\WINDOWS\System32\DRIVERS\ESM7SK.sys [74752 2006-05-24] (ENE Technology Inc.)
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [9600 2004-08-04] (Microsoft Corporation) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [208384 2006-06-12] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [990592 2006-06-12] (Conexant Systems, Inc.)
R2 int15; C:\WINDOWS\system32\drivers\int15.sys [69632 2006-06-02] () [File not signed]
S3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 NTIDrvr; C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys [6144 2006-06-20] (NewTech Infosystems, Inc.) [File not signed]
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [46592 2004-12-09] (SMSC)
R2 tvicport; C:\WINDOWS\system32\drivers\tvicport.sys [14544 2006-06-02] (EnTech Taiwan) [File not signed]
R2 zntport; C:\WINDOWS\system32\drivers\zntport.sys [6080 2006-06-02] (Zeal SoftStudio) [File not signed]
S3 eapihdrv; \??\C:\DOCUME~1\home\LOCALS~1\Temp\ehdrv.sys [X]
S0 qieyd; System32\drivers\jvuygmhy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 00:38 - 2015-08-22 00:38 - 00011720 _____ C:\Documents and Settings\home\Desktop\FRST.txt
2015-08-22 00:37 - 2015-08-22 00:37 - 00000000 ____D C:\FRST
2015-08-22 00:35 - 2015-08-22 00:36 - 01677824 _____ (Farbar) C:\Documents and Settings\home\Desktop\FRST.exe
2015-08-20 13:18 - 2015-08-20 13:18 - 00000079 _____ C:\WINDOWS\wininit.ini
2015-08-20 08:15 - 2015-08-20 08:15 - 00158778 _____ C:\Documents and Settings\home\My Documents\Auslogics Disk Defrag Report.htm
2015-08-19 18:24 - 2015-08-19 18:24 - 00000000 ____D C:\Program Files\ESET
2015-08-19 07:09 - 2015-08-19 07:09 - 00000282 _____ C:\Shortcut to Downloads.lnk
2015-08-19 00:15 - 2015-08-19 00:15 - 00000000 ____D C:\Favorites backup
2015-08-19 00:08 - 2015-08-19 00:08 - 00000000 ____D C:\Documents and Settings\home\My Documents\Recipes
2015-08-18 23:02 - 2015-08-18 23:03 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-08-18 23:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-18 23:00 - 2015-06-18 08:41 - 00121560 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-18 23:00 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\home\Application Data\SpeedBit
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-08-18 22:59 - 2015-08-18 22:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SpeedBit
2015-08-18 15:35 - 2015-08-18 15:35 - 00000000 ____D C:\Repair Info
2015-08-18 00:21 - 2015-08-18 00:21 - 00000000 ____D C:\UDownload
2015-08-18 00:20 - 2015-08-18 00:20 - 00000000 ____D C:\Documents and Settings\home\Application Data\uTorrent
2015-08-17 08:36 - 2015-08-17 08:36 - 00001726 _____ C:\AdwCleaner[C1].txt
2015-08-17 06:47 - 2015-08-17 06:49 - 00001518 _____ C:\AdwCleaner[S2].txt
2015-08-17 05:58 - 2015-08-17 05:59 - 00000510 _____ C:\AdwCleaner[S1].txt
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Program Files\CCleaner
2015-08-15 21:33 - 2015-08-15 21:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-08-14 03:13 - 2015-08-14 03:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-12 14:04 - 2015-08-12 14:04 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-12 13:52 - 2015-08-13 00:20 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2015-08-12 13:52 - 2015-08-12 13:52 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-09 22:33 - 2015-08-09 22:33 - 00008192 ___SH C:\WINDOWS\Thumbs.db
2015-08-09 22:33 - 2015-08-09 22:33 - 00003072 ___SH C:\Thumbs.db
2015-08-09 21:51 - 2015-08-09 21:51 - 00005914 _____ C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log
2015-08-09 14:05 - 2015-08-09 14:05 - 00000000 ____D C:\WINDOWS\system32\URTTEMP
2015-08-07 19:59 - 2015-08-09 22:33 - 00003584 _____ C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Program Files\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\home\Application Data\PhotoScape
2015-08-07 19:57 - 2015-08-07 19:57 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
2015-08-07 19:30 - 2015-08-07 19:30 - 00000000 ____D C:\Documents and Settings\home\Application Data\AVG2015
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ___HD C:\$AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-08-07 19:29 - 2015-08-07 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\MFAData
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg2015
2015-08-07 19:26 - 2015-08-07 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-08-07 18:36 - 2015-08-09 22:15 - 00315928 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-08-07 18:23 - 2015-08-07 18:23 - 00005285 _____ C:\Documents and Settings\home\My Documents\fido conversation.txt
2015-08-07 18:05 - 2015-08-07 18:05 - 00000677 _____ C:\Documents and Settings\home\My Documents\New Fido.txt
2015-08-07 17:28 - 2015-08-07 17:29 - 01226962 _____ C:\Documents and Settings\home\My Documents\sys info.nfo
2015-08-07 16:16 - 2015-08-07 16:16 - 00000000 ____D C:\Documents and Settings\home\My Documents\Extracted Files
2015-08-07 15:44 - 2015-08-07 15:44 - 00070677 _____ C:\Documents and Settings\home\My Documents\overview windows.mht
2015-08-07 15:42 - 2015-08-07 15:42 - 00070677 _____ C:\Documents and Settings\home\My Documents\windows 7 update.mht
2015-08-07 15:39 - 2015-08-07 15:39 - 00001776 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\WINDOWS\Performance
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2015-08-07 15:39 - 2015-08-07 15:39 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Microsoft Corporation
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\home\Application Data\Foxit Software
2015-08-07 15:33 - 2015-08-07 15:33 - 00000000 ____D C:\Documents and Settings\All Users\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Foxit Software
2015-08-07 15:32 - 2015-08-07 15:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2015-08-07 15:30 - 2015-08-07 15:30 - 00000000 ____D C:\Program Files\Foxit Software
2015-08-07 15:06 - 2015-08-07 15:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-07 15:05 - 2015-08-07 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-08-07 12:18 - 2015-08-07 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
2015-08-06 20:18 - 2015-08-06 20:18 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\AvgSetupLog
2015-08-06 18:13 - 2015-08-06 18:13 - 00023482 _____ C:\Documents and Settings\home\My Documents\duplicate.txt
2015-08-06 17:47 - 2015-08-06 17:47 - 00000696 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Windows Media Player.lnk
2015-08-06 17:47 - 2015-08-06 17:47 - 00000000 __SHD C:\Documents and Settings\Donna\IETldCache
2015-08-06 17:47 - 2008-04-13 16:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-08-06 17:46 - 2015-08-06 17:57 - 00000178 ___SH C:\Documents and Settings\Donna\ntuser.ini
2015-08-06 17:46 - 2015-08-06 17:47 - 00000711 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Internet Explorer.lnk
2015-08-06 17:46 - 2015-08-06 17:47 - 00000646 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Outlook Express.lnk
2015-08-06 17:46 - 2015-08-06 17:46 - 00000000 ____D C:\Documents and Settings\Donna
2015-08-06 17:46 - 2014-03-13 09:49 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\TuneUp Software
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 15:00 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\Adobe
2015-08-06 17:46 - 2006-06-20 14:50 - 00034232 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:46 - 2006-06-20 13:50 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\Acer Arcade
2015-08-06 17:46 - 2006-06-20 13:41 - 00000136 _____ C:\Documents and Settings\Donna\Local Settings\Application Data\fusioncache.dat
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:41 - 00000000 ____D C:\Documents and Settings\Donna\Application Data\ATI
2015-08-06 17:46 - 2006-06-20 13:26 - 00001507 _____ C:\Documents and Settings\Donna\Start Menu\Programs\Remote Assistance.lnk
2015-08-06 17:46 - 2006-06-20 13:24 - 00000000 ___RD C:\Documents and Settings\Donna\Start Menu\Programs\Accessories
2015-08-06 17:46 - 2006-06-20 13:18 - 00000000 ____D C:\Documents and Settings\Donna\Local Settings\Temp
2015-08-06 15:06 - 2015-08-18 00:25 - 00013312 ___SH C:\Documents and Settings\home\My Documents\Thumbs.db
2015-08-06 15:01 - 2015-08-06 15:01 - 00000000 ____D C:\Documents and Settings\home\Local Settings\Application Data\Avg
2015-07-28 11:02 - 2015-07-28 11:02 - 00238000 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdriverlx.sys
2015-07-28 11:02 - 2015-07-28 11:02 - 00186800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2015-07-23 16:44 - 2015-07-23 16:44 - 00031664 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsshimx.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-22 00:38 - 2014-01-21 12:33 - 01063374 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-22 00:34 - 2014-01-21 10:42 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B11F248-9E1D-4583-9DDA-3BBA1F0533B1}.job
2015-08-22 00:31 - 2006-06-20 15:15 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-22 00:30 - 2014-01-21 12:34 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-22 00:30 - 2006-06-20 15:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-22 00:28 - 2014-01-21 12:34 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-22 00:28 - 2014-01-21 12:34 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-08-22 00:28 - 2008-11-12 18:49 - 00000178 ___SH C:\Documents and Settings\home\ntuser.ini
2015-08-22 00:28 - 2006-06-20 14:07 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2015-08-19 00:07 - 2008-12-04 12:50 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-08-15 02:53 - 2014-01-22 09:59 - 00778440 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-08-15 02:53 - 2014-01-22 09:59 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-08-09 14:05 - 2006-06-20 13:51 - 00513338 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-07 19:21 - 2009-04-05 16:37 - 00009904 _____ C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-07 15:05 - 2014-01-22 09:56 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-08-07 15:05 - 2014-01-22 09:56 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-08-06 18:54 - 2014-01-27 16:13 - 00040480 _____ C:\Documents and Settings\home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 18:52 - 2006-06-20 14:49 - 00209696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-06 17:47 - 2006-06-20 14:50 - 00045184 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-08-06 17:29 - 2014-01-21 12:38 - 00001945 _____ C:\WINDOWS\epplauncher.mif

==================== Files in the root of some directories =======

2014-01-21 12:34 - 2014-01-21 12:34 - 0000127 _____ () C:\Documents and Settings\home\Local Settings\Application Data\fusioncache.dat
2015-08-07 19:59 - 2015-08-09 22:33 - 0003584 _____ () C:\Documents and Settings\home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-09 21:51 - 2015-08-09 21:51 - 0005914 _____ () C:\Documents and Settings\home\Local Settings\Application Data\HWVendorDetection.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================


  • 0



#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Wrong log,

I want the Fixlog.txt. Copy- Save- Run fix, like we did before. See post #24 again.

Thanks
Joe :)
  • 0

#27
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

I apologize....I'm not used to having this many things on my desktop...or anything for that matter...lol

Here's the Fixlog

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015 03
Ran by home (2015-08-22 19:26:57) Run:1
Running from C:\Documents and Settings\home\Desktop
Loaded Profiles: home (Available Profiles: home & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
S3 eapihdrv; \??\C:\DOCUME~1\home\LOCALS~1\Temp\ehdrv.sys [X]
S0 qieyd; System32\drivers\jvuygmhy.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
eapihdrv => service removed successfully.
qieyd => service removed successfully.
ScsiPort => service removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========

EmptyTemp: => 23.6 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:27:16 ====


  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hello,

One more scan with Combofix,

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

Please post the Log from Combofix.
  • 0

#29
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

I will do the ComboFix scan tonight when the kitties are a little less rambunctious; it makes it easier to work on the puter without the two of them thinking I'm a lap toy.

One question I did have for you if you don't mind. When we're done all the scans, would it be possible for you to help me fix the page file sys on this machine. It's been a while and my brain can't seem to find the right calculations to do it. Or would I have to go to another section of the forum for help with that?


  • 0

#30
dolface755

dolface755

    Member

  • Topic Starter
  • Member
  • 212 posts

Sorry one problem with the ComboFix. It said that I didn't have Windows Restore on my system and wanted to download something.


  • 0





