Malicious Website Blocked - am I protected?


We got some kind of scary malware on our home computer. I just need to keep my computer working for another month when I'm going to get a new one. I downloaded the trial version and it's going to expire in two days. I am getting "malicious website blocked" repeatedly whenever the Google Chrome window is open, and the computer is lagging very badly. I am concerned I won't be able to use the internet once my trial version expires, and more importantly, I'm concerned I'm not protected presently.

 

Here are my Farbar logs:

***********************************

***********************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-12-2015
Ran by william fern (administrator) on DH4XDHB1 (05-12-2015 15:59:53)
Running from F:\File Storage\Downloads
Loaded Profiles: william fern (Available Profiles: william fern & LogMeInRemoteUser & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: https://protect-us.mimecast.com/s/kJMMBouL1Q9tD
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Starfield Technologies, Inc.) C:\Program Files\Starfield\offSyncService.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
(BVRP Software) C:\Program Files\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
(SAMSUNG Electornics Co., Ltd.) C:\Documents and Settings\william fern\Application Data\VERIZON\UA_ar\UA.exe
(Microsoft Corporation) C:\WINDOWS\system32\WISPTIS.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [soundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-09-08] (Sonic Solutions)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSKDetectorExe] => C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [1117184 2005-07-12] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2008-08-11] (LogMeIn, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2014-01-22] (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\Run: [My Duplicate File Finder Reminder] => C:\Program Files\ConsumerSoft\My Duplicate File Finder\MDFFReminder.exe [1064360 2012-07-23] (ConsumerSoft)
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {1041d9f7-f9bd-11e4-98e6-00137224984f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {2a7b5d6a-0b0e-11e5-98e7-00137224984f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {454e0113-f848-11e4-98e5-00137224984f} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {6afea93b-df38-11e1-9856-00137224984f} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {6afea945-df38-11e1-9856-00137224984f} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {bc6c9e98-a0df-11e4-98da-00137224984f} - E:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {d36358b9-3377-11e3-98ac-00137224984f} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {d792af73-30d2-11e4-98d2-00137224984f} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\MountPoints2: {e1f94c84-edfc-11e3-98ce-00137224984f} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-11-04] (Google)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2006-07-27]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk [2006-07-27]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-07-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk [2012-10-31]
ShortcutTarget: HP Image Zone Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2011-04-05]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\william fern\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-11-08]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Documents and Settings\william fern\Application Data\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\Av\avgrsx.exe /sync /restart
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B23DB6C5-6D4E-4F2B-BCF4-6CD546199F80}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08] (Sonic Solutions)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll [2011-08-11] (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-101615180-2126340230-2843861955-1006 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15] ()
Toolbar: HKU\S-1-5-21-101615180-2126340230-2843861955-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.1.cab
DPF: {4A0106B5-AC06-4385-8005-2BD46BA7AA1D} hxxp://vu.realbiz360.com/js/ImageUploader5.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {81CAFF02-900E-43A1-A10D-2CC8092403C5} hxxp://vu.realbiz360.com/js/WebLaunch.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} file://C:\WINDOWS\msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {B23146AD-BB71-41CB-8C4F-CFB2A29C5591} hxxp://vu.realbiz360.com/js/RBAssetManager.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_03-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://buffiniandcompany.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-101615180-2126340230-2843861955-1006: @starfield.com/off -> C:\Documents and Settings\william fern\Application Data\Mozilla\Plugins\npoff.dll [2011-04-18] ( Starfield Technologies, Inc.)
FF Plugin HKU\S-1-5-21-101615180-2126340230-2843861955-1006: @starfield.com/wbe -> C:\Documents and Settings\william fern\Application Data\Mozilla\Plugins\npwbe.dll [2011-04-18] (Starfield Technology, Inc.)
FF Plugin HKU\S-1-5-21-101615180-2126340230-2843861955-1006: @unity3d.com/UnityPlayer,version=1.0 -> C:\Documents and Settings\william fern\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-23] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\william fern\Application Data\mozilla\plugins\npoff.dll [2011-04-18] ( Starfield Technologies, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\william fern\Application Data\mozilla\plugins\npwbe.dll [2011-04-18] (Starfield Technology, Inc.)
FF Extension: WBE Paste - C:\Documents and Settings\william fern\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-04-18] [not signed]
FF Extension: Starfield Zoom - C:\Documents and Settings\william fern\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-04-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-08-14] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Facebook Event Invite/Select All Friends 2016) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjgfeibcphdoepjnmplpgbnpkngnmdmn [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 File Backup; C:\Program Files\Starfield\offSyncService.exe [1215216 2011-02-02] (Starfield Technologies, Inc.)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [243632 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5628 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86524 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-09-08] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-08-25] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-09-08] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-09-08] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2004-10-05] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-10-05] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-10-05] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-05] (Malwarebytes)
S3 MR97310_VGA_DUAL_CAMERA; C:\WINDOWS\System32\DRIVERS\mr97310v.sys [114105 2004-03-17] (Mars Semiconductor Corp.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [20576 2005-01-26] (Sonic Solutions) [File not signed]
S3 slabbus; C:\WINDOWS\System32\DRIVERS\slabbus.sys [55312 2005-05-13] (MCCI)
S3 slabser; C:\WINDOWS\System32\DRIVERS\slabser.sys [89808 2005-05-13] (MCCI)
S3 USBAAPL; C:\WINDOWS\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S3 bvrp_pci; no ImagePath
S4 LMIRfsClientNP; no ImagePath
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 15:58 - 2015-12-05 15:59 - 00000000 ____D C:\FRST
2015-11-29 12:26 - 2015-12-05 14:13 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-29 12:25 - 2015-11-29 12:25 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-29 12:25 - 2015-11-29 12:25 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-29 12:25 - 2015-11-29 12:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-11-29 12:25 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-29 12:25 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-27 19:50 - 2015-11-27 19:50 - 00000000 ____D C:\Documents and Settings\william fern\Application Data\AVG
2015-11-27 19:48 - 2015-11-27 19:48 - 00000000 ____D C:\Documents and Settings\william fern\Application Data\TuneUp Software
2015-11-27 19:48 - 2015-11-27 19:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-11-27 19:45 - 2015-11-27 19:45 - 00000000 ___HD C:\$AVG
2015-11-27 19:42 - 2015-12-05 15:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-11-27 19:42 - 2015-11-27 19:42 - 00000000 ____D C:\Documents and Settings\william fern\Local Settings\Application Data\MFAData
2015-11-27 19:41 - 2015-11-27 19:41 - 00000689 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2015-11-27 19:41 - 2015-11-27 19:41 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG Zen
2015-11-27 19:36 - 2015-11-27 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2015-11-27 19:36 - 2015-11-27 19:44 - 00000000 ____D C:\Program Files\AVG
2015-11-27 19:35 - 2015-11-27 19:50 - 00000000 ____D C:\Documents and Settings\william fern\Local Settings\Application Data\Avg
2015-11-27 19:35 - 2015-11-27 19:40 - 00000000 ____D C:\Documents and Settings\william fern\Local Settings\Application Data\AvgSetupLog
2015-11-08 12:43 - 2015-11-08 12:43 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2015-11-08 12:43 - 2015-11-08 12:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2015-11-08 12:41 - 2015-11-08 12:41 - 00000000 ____D C:\Program Files\iPod
2015-11-08 12:39 - 2015-11-08 12:42 - 00000000 ____D C:\Program Files\iTunes
2015-11-08 12:39 - 2015-11-08 12:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-11-08 12:26 - 2015-12-03 07:51 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-11-08 12:26 - 2015-11-08 16:15 - 00002265 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-05 16:01 - 2006-08-01 13:20 - 00000000 ____D C:\Documents and Settings\william fern\Local Settings\Temp
2015-12-05 15:59 - 2006-07-27 18:00 - 00000000 ____D C:\WINDOWS
2015-12-05 15:42 - 2013-10-12 12:22 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-05 15:39 - 2014-08-30 23:50 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-05 14:54 - 2007-09-12 07:14 - 00000000 ____D C:\temp
2015-12-05 12:39 - 2014-08-30 23:50 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-05 06:27 - 2007-03-23 12:40 - 00000436 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{441F5492-BA78-4EA9-96F4-07725214E8DC}.job
2015-12-04 19:41 - 2014-03-11 18:41 - 00000476 _____ C:\WINDOWS\Tasks\Motorola Device Manager Engine.job
2015-12-04 15:42 - 2004-08-11 16:20 - 00032538 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-03 20:37 - 2014-08-30 23:51 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-12-03 07:01 - 2011-04-05 13:17 - 00002521 _____ C:\Documents and Settings\william fern\Desktop\Outlook 2007.lnk
2015-12-02 20:40 - 2011-04-08 12:54 - 00002515 _____ C:\Documents and Settings\william fern\Desktop\Microsoft Office Word 2007.lnk
2015-12-02 20:03 - 2004-08-11 16:11 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-02 19:48 - 2011-11-30 13:34 - 00000000 ____D C:\Documents and Settings\william fern\Application Data\HpUpdate
2015-12-01 19:41 - 2014-03-11 18:41 - 00000492 _____ C:\WINDOWS\Tasks\Motorola Device Manager Update.job
2015-11-30 20:50 - 2015-05-13 17:46 - 00000000 ____D C:\Documents and Settings\william fern\Start Menu\Programs\Verizon
2015-11-30 20:50 - 2015-05-13 16:08 - 00000000 ____D C:\Documents and Settings\william fern\Application Data\VERIZON
2015-11-29 14:51 - 2006-08-01 13:20 - 00000000 ____D C:\Documents and Settings\william fern\Local Settings\Application Data\ApplicationHistory
2015-11-29 14:47 - 2014-03-15 08:17 - 00000236 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-29 14:47 - 2011-04-06 21:03 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2015-11-29 14:47 - 2006-07-27 18:04 - 00003880 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2015-11-29 14:47 - 2004-08-11 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-29 14:45 - 2011-08-03 10:33 - 00000000 ____D C:\Program Files\Apple Software Update
2015-11-29 14:45 - 2004-08-11 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-29 14:44 - 2011-04-07 12:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB950762$
2015-11-29 14:43 - 2006-08-01 13:20 - 00000278 ___SH C:\Documents and Settings\william fern\ntuser.ini
2015-11-29 14:43 - 2006-08-01 13:20 - 00000000 ____D C:\Documents and Settings\william fern
2015-11-29 14:42 - 2013-04-01 08:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2015-11-27 21:02 - 2011-04-18 13:40 - 00000000 ____D C:\Program Files\Starfield
2015-11-27 19:48 - 2004-08-11 16:02 - 00000000 ___HD C:\WINDOWS\inf
2015-11-27 19:09 - 2006-12-18 07:20 - 00000000 ____D C:\WINDOWS\network diagnostic
2015-11-25 12:36 - 2015-02-01 13:54 - 00001767 _____ C:\Documents and Settings\All Users\Desktop\Google Slides.lnk
2015-11-25 12:36 - 2015-02-01 13:54 - 00001765 _____ C:\Documents and Settings\All Users\Desktop\Google Sheets.lnk
2015-11-25 12:36 - 2015-02-01 13:54 - 00001755 _____ C:\Documents and Settings\All Users\Desktop\Google Docs.lnk
2015-11-25 12:36 - 2015-02-01 13:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2015-11-15 21:25 - 2011-04-08 12:54 - 00002473 _____ C:\Documents and Settings\william fern\Desktop\Microsoft Office Excel 2007.lnk
2015-11-11 03:32 - 2011-04-05 12:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-11-11 03:31 - 2013-08-15 02:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 03:12 - 2006-11-21 12:03 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 14:42 - 2012-04-11 11:53 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-10 14:42 - 2011-05-16 10:56 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-08 15:00 - 2014-03-15 08:17 - 00000230 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-11-08 12:41 - 2011-08-03 10:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-08 12:38 - 2014-08-31 01:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-11-08 12:04 - 2004-08-11 16:07 - 00558114 _____ C:\WINDOWS\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2015-09-18 19:38 - 2015-09-18 19:38 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\05A71AD.html
2013-10-23 21:34 - 2013-10-23 21:34 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\13AEAE2.html
2014-02-15 10:31 - 2014-02-15 10:31 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\21146FC.html
2014-10-25 07:13 - 2014-10-25 07:13 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\214F56E.html
2015-01-29 10:19 - 2015-01-29 10:19 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\2F15261.html
2015-01-31 12:41 - 2015-01-31 12:41 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\442BA7B.html
2014-10-25 06:55 - 2014-10-25 06:55 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\4442D01.html
2014-01-30 08:08 - 2014-01-30 08:08 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\54AD17B.html
2015-09-18 20:26 - 2015-09-18 20:26 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\5BCE740.html
2013-11-29 23:12 - 2013-11-29 23:12 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\7BFBD14.html
2014-02-15 10:38 - 2014-02-15 10:38 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\83634F1.html
2015-11-01 14:47 - 2015-11-01 14:47 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\85FA396.html
2015-11-01 14:02 - 2015-11-01 14:02 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\9E6F76E.html
2014-05-03 15:25 - 2014-05-03 15:25 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\A7913EF.html
2014-01-21 23:51 - 2014-01-21 23:51 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\AA5257C.html
2014-02-15 10:37 - 2014-02-15 10:37 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\C07D4D9.html
2014-08-31 00:08 - 2014-08-31 00:08 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\C879590.html
2011-08-03 14:14 - 2012-08-11 17:07 - 0027245 ____C () C:\Documents and Settings\william fern\Application Data\Comma Separated Values (Windows).ADR
2014-09-02 16:14 - 2014-09-02 16:14 - 0012999 _____ () C:\Documents and Settings\william fern\Application Data\Comma Separated Values (Windows).CAL
2013-10-20 15:43 - 2013-10-20 15:43 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\D4921E2.html
2014-06-18 14:04 - 2014-06-18 14:04 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\D927CB5.html
2013-09-09 00:40 - 2013-09-09 00:40 - 0000070 _____ () C:\Documents and Settings\william fern\Application Data\D95DBAA.html
2011-10-18 11:23 - 2012-08-11 15:55 - 0000847 ____C () C:\Documents and Settings\william fern\Application Data\Rim.Desktop.Exception.log
2011-10-18 11:22 - 2013-03-02 09:34 - 0001917 ____C () C:\Documents and Settings\william fern\Application Data\Rim.Desktop.HttpServerSetup.log
2011-10-18 11:23 - 2012-08-11 15:55 - 0000847 ____C () C:\Documents and Settings\william fern\Application Data\Rim.DesktopHelper.Exception.log
2007-02-23 07:46 - 2015-10-12 19:12 - 0184320 _____ () C:\Documents and Settings\william fern\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-01 13:27 - 2012-11-01 13:27 - 0000135 _____ () C:\Documents and Settings\william fern\Local Settings\Application Data\fusioncache.dat
2011-11-20 11:35 - 2012-09-29 12:20 - 0004096 ___HC () C:\Documents and Settings\william fern\Local Settings\Application Data\keyfile3.drm
2014-12-22 18:37 - 2014-12-22 18:37 - 0000872 _____ () C:\Documents and Settings\william fern\Local Settings\Application Data\recently-used.xbel
 
Files to move or delete:
====================
C:\Documents and Settings\william fern\dbCache.dat
 
 
Some files in TEMP:
====================
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u65-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-8u40-windows-au.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\william fern\Local Settings\Temp\jre-8u66-windows-au.exe
C:\Documents and Settings\william fern\Local Settings\Temp\LiveUpdater.exe
C:\Documents and Settings\william fern\Local Settings\Temp\MotorolaDeviceManager_2.0405.exe
C:\Documents and Settings\william fern\Local Settings\Temp\ms.exe
C:\Documents and Settings\william fern\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\william fern\Local Settings\Temp\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
C:\Documents and Settings\william fern\Local Settings\Temp\sqlite-3.6.20-sqlitejdbc.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
***********************************

***********************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-12-2015
Ran by william fern (2015-12-05 16:02:31)
Running from F:\File Storage\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2006-08-01 19:20:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-101615180-2126340230-2843861955-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-101615180-2126340230-2843861955-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-101615180-2126340230-2843861955-1005 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-101615180-2126340230-2843861955-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\LogMeInRemoteUser
SUPPORT_388945a0 (S-1-5-21-101615180-2126340230-2843861955-1002 - Limited - Disabled)
william fern (S-1-5-21-101615180-2126340230-2843861955-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\william fern
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7300 (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7300_Help (Version: 47.0.1.000 - Hewlett-Packard) Hidden
7300Trb (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat 6.0 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000001}) (Version: 006.000.000 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AiOSoftware (Version: 47.0.1.000 - Hewlett-Packard) Hidden
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.22.1.40089 - AVG Technologies)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
AVG Zen (Version: 1.22.1 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Advanced Control Suite (HKLM\...\{058B32E2-6310-4359-B2D4-1988390C3B83}) (Version: 8.20.01 - Broadcom Corporation)
BufferChm (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Copy (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CP_AtenaShokunin1Config (Version: 45.4.131.000 - Hewlett-Packard) Hidden
cp_dwShrek2Albums1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
cp_dwShrek2Cards1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjects (Version: 45.4.157.000 - Hewlett-Packard) Hidden
CreativeProjectsTemplates (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
CueTour (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Destinations (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
Director (Version: 45.4.157.000 - Hewlett-Packard) Hidden
DocProc (Version: 4.5.0.0 - Hewlett-Packard) Hidden
DocumentViewer (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Fax (Version: 47.0.1.000 - Hewlett-Packard) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FlipShare (HKLM\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
Free M4a to MP3 Converter 7.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.4 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - mediaprolab.com)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.)
Google Drive (HKLM\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HP Driver Diagnostics (HKLM\...\{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}) (Version: 1.02.0014 - Hewlett-Packard)
HP Image Zone 4.7 (HKLM\...\HP Photo & Imaging) (Version: 4.7 - HP)
HP Image Zone Express (HKLM\...\{8F7A4D82-B168-4F89-99C2-B9873EC877AF}) (Version: 1.1.3.40 - Hewlett-Packard)
HP Officejet Pro K550 Series (HKLM\...\HP Officejet Pro K550 Series) (Version: 1.3 - HP)
HP PSC & OfficeJet 4.7 (HKLM\...\{342C7C88-D335-4bc2-8CF1-281857629CE2}) (Version:  - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPSystemDiagnostics (Version: 1.6.0.0 - Your Company Name) Hidden
InstantShare (Version: 45.4.157.000 - Hewlett-Packard) Hidden
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
Java 2 Runtime Environment, SE v1.4.2_03 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142030}) (Version: 1.4.2_03 - Sun Microsystems, Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LOGiTpc Interface (HKLM\...\LOGiTpc_Supco_Software) (Version:  - )
LogMeIn (HKLM\...\{34F93E31-E1A0-421C-8E86-BCF7C4193A91}) (Version: 4.0.982 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
Misc (Version: 1.00.0000 - Hewlett-Packard) Hidden
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Move Networks Media Player for Internet Explorer (HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\Move Networks Player - IE) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Duplicate File Finder (HKLM\...\{0DB31141-0A75-4723-9F4F-C02265D9FC5C}) (Version: 1.0 - ConsumerSoft)
office Convert Pdf to Jpg Jpeg Tiff Free 6.5 (HKLM\...\office Convert Pdf to Jpg Jpeg Tiff Free_is1) (Version:  - Officeconvert Software, Inc.)
PanoStandAlone (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PhotoGallery (Version: 45.4.157.000 - Hewlett-Packard) Hidden
PowerDVD 5.7 (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
ProductContext (Version: 47.1.14.000 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readme (Version: 47.0.1.000 - Hewlett-Packard) Hidden
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 4.5.0.0 - Hewlett-Packard) Hidden
ScannerCopy (Version: 4.5.0.0 - Hewlett-Packard) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
SkinsHP1 (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
SUABnR (HKLM\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Tiff Viewer (HKLM\...\{1632F7CB-FB7D-402E-BC20-CAA1CC01EEDA}) (Version: 1.0.0 - COMPACT)
Toolbox (Version: 1.00.0000 - Hewlett-Packard) Hidden
TrayApp (Version: 45.4.157.000 - Hewlett-Packard) Hidden
UGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unload (Version: 4.5.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
USB Data Logger Interface (HKLM\...\SLOGCOMM&10C4&8105) (Version:  - )
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
VGA Dual Camera (HKLM\...\{44E75850-B838-43D2-8F37-84D3FB71FF6E}) (Version: 2.02.0000 - Mars Semiconductor Corp.)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 45.4.157.000 - Hewlett-Packard) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version:  - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows NT Messaging (HKLM\...\WMS) (Version:  - )
Windows Rights Management Client Backwards Compatibility SP2 (HKLM\...\{EC905264-BCFE-423B-9C42-C3A106266790}) (Version: 5.2.70 - Microsoft)
Windows Rights Management Client with Service Pack 2 (HKLM\...\{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}) (Version: 5.2.70 - Microsoft)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Workspace Desktop (HKU\S-1-5-21-101615180-2126340230-2843861955-1006\...\workspacedesktop) (Version:  - Starfield Technologies)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-101615180-2126340230-2843861955-1006_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Documents and Settings\william fern\Local Settings\Application Data\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-101615180-2126340230-2843861955-1006_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Documents and Settings\william fern\Application Data\Move Networks\ie_bin\qsp2ie07051001.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-101615180-2126340230-2843861955-1006_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Documents and Settings\william fern\Application Data\Move Networks\ie_bin\qsp2ie07051001.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-101615180-2126340230-2843861955-1006_Classes\CLSID\{FE0D8F60-5A07-40a1-85EC-4FFB7E0F2306}\localserver32 -> C:\Documents and Settings\william fern\Local Settings\Application Data\RobloxVersions\version-6ca07d (the data entry has 35 more characters).
 
==================== Restore Points =========================
 
12-11-2015 03:18:17 System Checkpoint
13-11-2015 03:24:17 System Checkpoint
14-11-2015 04:17:56 System Checkpoint
15-11-2015 05:10:09 System Checkpoint
16-11-2015 06:04:06 System Checkpoint
17-11-2015 06:57:29 System Checkpoint
18-11-2015 07:54:09 System Checkpoint
19-11-2015 08:49:39 System Checkpoint
20-11-2015 09:45:27 System Checkpoint
21-11-2015 10:41:12 System Checkpoint
22-11-2015 11:36:58 System Checkpoint
23-11-2015 12:32:34 System Checkpoint
24-11-2015 13:28:06 System Checkpoint
25-11-2015 14:23:58 System Checkpoint
26-11-2015 15:20:39 System Checkpoint
27-11-2015 16:16:30 System Checkpoint
27-11-2015 19:44:17 Installed AVG 2016
27-11-2015 19:45:08 Installed AVG
28-11-2015 20:14:19 System Checkpoint
29-11-2015 20:50:19 System Checkpoint
30-11-2015 20:49:46 Removed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
30-11-2015 20:50:06 Installed Verizon Wireless Software Upgrade Assistant - Samsung(ar).
01-12-2015 21:46:36 System Checkpoint
02-12-2015 22:42:08 System Checkpoint
03-12-2015 23:38:52 System Checkpoint
05-12-2015 00:34:06 System Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-11 16:00 - 2004-08-04 04:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{441F5492-BA78-4EA9-96F4-07725214E8DC}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\phonon4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShare\PocoXML.dll
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
2013-10-31 09:05 - 2013-10-31 09:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-11-27 19:36 - 2015-11-27 19:35 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll
2013-07-10 02:23 - 2013-07-10 02:23 - 03391488 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4644fd7\mscorlib.dll
2013-07-10 02:23 - 2013-07-10 02:23 - 03035136 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_827d8092\system.windows.forms.dll
2013-07-10 02:23 - 2013-07-10 02:23 - 01966080 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_fcf8e646\system.dll
2013-07-10 02:23 - 2013-07-10 02:23 - 00843776 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_72dbcc78\system.drawing.dll
2013-07-10 02:23 - 2013-07-10 02:23 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3da59686\system.xml.dll
2004-08-11 16:00 - 2008-04-13 18:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-11 16:00 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-08-31 00:01 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-31 00:01 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\william fern\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-12-03 20:36 - 2015-11-24 02:00 - 16496456 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-101615180-2126340230-2843861955-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\william fern\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^william fern^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
MSCONFIG\startupreg: DVDLauncher => "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HLBackupScheduler => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
MSCONFIG\startupreg: HPWUTOOLBOX => C:\Program Files\HP\HP Officejet Pro K550 Series\Toolbox\HPWUTBX.exe "-i"
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [D:\bin\IA\Core\MDM_Util.exe] => Enabled:MDM_Util
StandardProfile\AuthorizedApplications: [D:\WRV210SetupWizard.exe] => Enabled:WRV210 Setup Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Backup Assistant Plus\verizon.exe] => Disabled:verizon
StandardProfile\AuthorizedApplications: [C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe] => Disabled:V CAST Backup Scheduler
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dmwu.exe] => Enabled:dmwu
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\ARFC\wrtc.exe] => Enabled:wrtc
StandardProfile\AuthorizedApplications: [C:\Program Files\Verizon Cloud\verizon.exe] => Enabled:verizon
StandardProfile\AuthorizedApplications: [C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe] => Disabled:Verizon Cloud Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe] => Disabled:BlackBerry Desktop Software
StandardProfile\AuthorizedApplications: [C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe] => Disabled:MotoCast-thumbnailer
StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [F:\File Storage\Downloads\runtime\jre-x32\1.8.0_25\bin\javaw.exe] => Enabled:Java Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgnsx.exe] => Enabled:Online Shield
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgdiagex.exe] => Enabled:AVG Diagnostics
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgemcx.exe] => Enabled:Personal Email Scanner
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [24726:TCP] => Enabled:FlipShareServer
StandardProfile\GloballyOpenPorts: [24727:TCP] => Enabled:FlipShareServer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/22/2015 07:30:42 PM) (Source: Microsoft Office 12) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 winword.exe, P2 12.0.6727.5000, P3 msptls.dll, P4 12.0.6727.5000, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.
 
Error: (09/14/2015 10:09:43 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 574871467.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (09/14/2015 10:09:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application distnoted.exe, version 1.750.29.0, faulting module corefoundation.dll, version 1.750.29.0, fault address 0x000b9eb9.
Processing media-specific event for [distnoted.exe!ws!]
 
Error: (07/26/2015 02:44:37 PM) (Source: Microsoft Office 12) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 12.0.6691.5000, stamp 52e8c57c, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x3bda44d1.
 
Error: (07/11/2015 02:58:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <MAPI://{S-1-5-21-101615180-2126340230-2843861955-1006}/PERSONAL FOLDERS($FFA4D1A3)/0/INBOX/가가가가간갭곊갣갬걽겅걆겙걜겯갦걲곲겿걔갤갋걎가/AT=걅갡갏가:10827988_766633276707583_6423595095660839924_O.JPG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2015 08:10:52 PM) (Source: Microsoft Office 12) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 12.0.6691.5000, stamp 52e8c57c, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x084d0e82.
 
Error: (06/10/2015 08:26:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ua.exe, version 1.0.0.1, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x00056b1d.
Processing media-specific event for [ua.exe!ws!]
 
Error: (05/26/2015 08:59:44 PM) (Source: Microsoft Office 12) (EventID: 5000) (User: )
Description: EventType officelifeboathang, P1 outlook.exe, P2 12.0.6691.5000, P3 ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 officelifeboathang0, P10 officelifeboathang1.
 
 
System errors:
=============
Error: (11/29/2015 02:50:38 PM) (Source: DCOM) (EventID: 10005) (User: DH4XDHB1)
Description: DCOM got error "%%1058" attempting to start the service LogMeIn with arguments ""
in order to run the server:
{C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}
 
Error: (11/29/2015 02:47:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 96%
Total physical RAM: 1014.07 MB
Available physical RAM: 37.5 MB
Total Virtual: 2443.41 MB
Available Virtual: 803.59 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.46 GB) (Free:4.16 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Seagate Replica) (Fixed) (Total:1863.01 GB) (Free:175.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Please re-run Malwarebytes' Anti-Malware.

  • Click the History tab.
  • Click Application Logs and click on the newest Protection Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and attach it in your next reply.


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.