joemagiera
2015-11-05, 00:20
I read the "before you post" and if I missed something, I apologize in advance if I didn't do something quite right.
On a Windows XP machine. Problems are an internet browser home page hi-jack, which also opens multiple sub-pages as soon as you go to any web site. Problems started when downloaded and ran the following software:
KeyFinderInstaller.exe (provides keys for installed software)
-and-
WiFiPasswordRevealerInstaller.exe (provides wifipasswords)
both this morning (11-4-2015).
both downloaded from www. magicaljellybean. com (NOT RECOMMENDED!)
One thing I wasn't sure of is whether to post the logs inline in this message or attach. The instructions mention both. I decided to do both. Below (and attached) are the three requested logs, in order:
FRST.txt
Addition.txt
aswMBR.txt
Any questions or actions to take, please let me know. Thank you,
Joe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-11-2015
Ran by Dad (administrator) on JOE (04-11-2015 14:39:15)
Running from C:\Documents and Settings\Dad\My Documents\Downloads
Loaded Profiles: Dad (Available Profiles: Dad & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AT&T tReader\treader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\Alwil Software\Avast5\setup\emupdate\7dd83ed3-c31e-4525-8913-8cfc68352e80.exe [183232 2015-11-04] (AVAST Software)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [treader.exe] => C:\Program Files\AT&T tReader\treader.exe [1304576 2007-10-23] ()
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-08-11] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{2C5F3C20-16B4-4DFC-A15E-75825F4A8998}: [DhcpNameServer] 192.168.88.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> DefaultScope {40C1DB81-4E42-4296-B026-A44077934BA1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {40C1DB81-4E42-4296-B026-A44077934BA1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll => No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-08-11] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll => No File
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll No File
Toolbar: HKLM - No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File
Toolbar: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} hxxps://gassl10.vpn.att.com/+CSCOL+/relayp.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://missl10.vpn.att.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://usmiclient.vpn.att.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFEScQ4IA11EDAVAJl8VVV1HGBgaeAxaTFpDRAUSd1oNUwgXFhNBNARaB0tXUUEeGGlxR1dMclBCMlpQLFYDRH5NL04=
FF DefaultSearchEngine: Default
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Default
FF Homepage: www.google.com (http://www.google.com)
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0JUA5BQ1EWbQlbB19cFVEVeRQBWQwTDFYRJQkJVlpEEwRFdx9aFQQTR0cFME0FB18EURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1390067357-926492609-839522115-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dad\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1390067357-926492609-839522115-1003: @tnt2npapi.com/Plugin -> C:\Documents and Settings\Dad\Local Settings\Application Data\TNT2\2.0.0.1995\npTNT2.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\user.js [2015-11-04]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\searchplugins\default.xml [2015-11-04]
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\searchplugins\search-simple.xml [2015-11-04]
FF Extension: SearchMoreKnow - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\Extensions\{44c81f55-fe84-4145-8f1c-0da2c7ea8500}.xpi [2015-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHcQgPUVsVFBgTI19eTA0VFwwOeQENAxQSE1ATcQ5bVAtARwIFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0JUA5BQ1EWbQlbB19cFVEVeRQBWQwTDFYRJQkJVlpEEwRFdx9aFQQTQkcFME0FBloEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFEScQ4IA11EDAVAJl8VVV1HGBgaeAxaTFpDRAUSd1oNUwgXFhNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXQeU1BoLlZP
CHR Profile: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-08-11] (AVAST Software)
S3 r_server; C:\WINDOWS\system32\r_server.exe [724992 2004-08-06] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560528 2014-03-12] (Cisco Systems, Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [40304 2014-03-12] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58736 2014-03-12] (Cisco Systems, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-11] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-11] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
S4 DLPortIO; C:\WINDOWS\System32\DRIVERS\DLPortIO.sys [3584 1999-01-10] () [File not signed]
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R2 giveio; C:\WINDOWS\system32\drivers\giveio.sys [5248 1996-05-13] () [File not signed]
S3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
S3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 mirrorv3; C:\WINDOWS\System32\DRIVERS\rminiv3.sys [3328 2010-04-21] (Famatech International Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 oxmf; C:\WINDOWS\System32\DRIVERS\oxmf.sys [15779 2003-06-26] (Lite-On Technology Corporation.)
S3 Oxmfuf; C:\WINDOWS\System32\DRIVERS\oxmfuf.sys [5111 2003-06-26] (Lite-On Technology Corporation.)
R1 oxpar; C:\WINDOWS\System32\DRIVERS\oxpar.sys [76800 2003-12-25] (Lite-On Technology Corporation.)
S1 oxser; C:\WINDOWS\System32\DRIVERS\oxser.sys [51269 2003-06-26] (Lite-On Technology Corporation.)
S2 RadPciNT; C:\WINDOWS\system32\Drivers\RadPciNT.sys [9417 2000-04-24] (MediaForte Products Pte. Ltd.) [File not signed]
R2 ScFBPNT; C:\WINDOWS\system32\drivers\ScFBPNT.SYS [16288 2000-02-08] () [File not signed]
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
S2 USBRADIO; C:\WINDOWS\System32\Drivers\USBRADIO.sys [49444 2000-03-31] (GemTek Technology Co. LTD.) [File not signed]
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 avpnnic; system32\DRIVERS\avpnnic.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 14:36 - 2015-11-04 14:39 - 00000000 ____D C:\FRST
2015-11-04 14:03 - 2015-11-04 14:03 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-11-04 13:50 - 2015-11-04 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-11-04 13:48 - 2015-11-04 13:48 - 00000000 ____D C:\WINDOWS\LastGood
2015-11-04 13:46 - 2015-08-11 21:04 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw256.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25D.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25F.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw260.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25B.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw261.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw258.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25C.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw259.tmp
2015-11-04 13:44 - 2015-08-11 21:04 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-04 13:38 - 2015-11-04 14:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-04 07:49 - 2015-11-04 13:40 - 00000000 ____D C:\Program Files\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134
2015-11-04 07:49 - 2015-11-04 13:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\3a08aecf-996c-434c-872d-c3768a6d9134
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Program Files\SearchMoreKnow
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Program Files\Magical Jelly Bean
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
2015-11-04 07:49 - 2015-11-04 07:49 - 00001222 _____ C:\search-simple.xml
2015-10-12 17:25 - 2015-10-12 17:26 - 00000149 _____ C:\Documents and Settings\Dad\Desktop\TV repair.url
2015-10-09 05:59 - 2015-10-09 05:58 - 00069908 ____H C:\WINDOWS\Minidump\Mini100915-01.dmp
2015-10-08 06:19 - 2015-10-08 06:18 - 00069908 ____H C:\WINDOWS\Minidump\Mini100815-01.dmp
2015-10-07 05:55 - 2015-10-07 05:51 - 00069908 ____H C:\WINDOWS\Minidump\Mini100715-01.dmp
2015-09-26 19:27 - 2015-09-26 19:27 - 00000000 ____D C:\Documents and Settings\Dad\Desktop\Old Firefox Data
2015-09-25 20:57 - 2015-09-25 20:57 - 00000118 _____ C:\Documents and Settings\Dad\Desktop\card odds.url
2015-09-24 09:14 - 2015-09-24 09:14 - 00000282 _____ C:\Documents and Settings\Dad\Desktop\cherry master.url
2015-09-22 08:03 - 2015-09-22 08:03 - 00000126 _____ C:\Documents and Settings\Dad\Desktop\A&A John Lewis.url
2015-09-19 11:07 - 2015-09-19 11:12 - 00000000 ____D C:\Documents and Settings\Dad\Application Data\dvdcss
2015-09-18 12:39 - 2015-09-18 12:39 - 00000135 _____ C:\Documents and Settings\Dad\Desktop\website forums3.url
2015-09-18 12:38 - 2015-09-18 12:38 - 00000164 _____ C:\Documents and Settings\Dad\Desktop\website forums.url
2015-09-18 12:38 - 2015-09-18 12:38 - 00000115 _____ C:\Documents and Settings\Dad\Desktop\website forums2.url
2015-09-17 14:20 - 2015-09-17 14:20 - 00000347 _____ C:\Documents and Settings\Dad\My Documents\.htaccess
2015-09-16 05:04 - 2015-09-16 05:04 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-16 05:03 - 2015-09-16 05:03 - 00000000 ____D C:\Documents and Settings\Dad\.oracle_jre_usage
2015-09-14 18:23 - 2015-09-18 08:39 - 00001692 _____ C:\Documents and Settings\All Users\Start Menu\Full Flush Poker 8.2.lnk
2015-09-14 18:23 - 2015-09-14 18:24 - 00000000 ____D C:\Program Files\Full Flush Poker 8.2
2015-09-14 18:23 - 2015-09-14 18:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Full Flush Poker 8.2
2015-08-29 11:03 - 2015-08-29 11:03 - 00000114 _____ C:\Documents and Settings\Dad\Desktop\D&D Surplus.url
2015-08-24 05:53 - 2015-08-24 05:53 - 00000126 _____ C:\Documents and Settings\Dad\Desktop\Quantum front glass.url
2015-08-23 12:19 - 2015-08-23 12:19 - 00000731 _____ C:\Documents and Settings\Dad\Desktop\VLC media player.lnk
2015-08-18 20:35 - 2015-08-18 20:35 - 00000130 _____ C:\Documents and Settings\Dad\Desktop\Windows.url
2015-08-12 17:07 - 2015-08-12 17:08 - 00000246 _____ C:\Documents and Settings\Dad\Desktop\recycle.url
2015-08-11 21:05 - 2015-08-11 21:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-11 21:05 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-11 21:04 - 2015-11-04 13:50 - 00130612 _____ C:\WINDOWS\Wdf01009Inst.log
2015-08-11 21:04 - 2015-08-11 21:04 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-11 21:04 - 2015-08-11 21:04 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-10 07:31 - 2015-08-10 07:32 - 00000000 ____D C:\Documents and Settings\Dad\Application Data\pdf995
2015-08-10 07:31 - 2015-08-10 07:31 - 00000028 _____ C:\WINDOWS\pdf995.ini
2015-08-10 07:31 - 2015-08-10 07:31 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Application Data\pdf995
2015-08-10 06:48 - 2007-08-24 10:13 - 00000142 _____ C:\WINDOWS\wpd99.drv
2015-08-10 06:47 - 2015-11-04 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995
2015-08-10 06:47 - 2015-08-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Software995
2015-08-10 06:47 - 2015-08-10 06:47 - 01667072 _____ (TODO: <Company name>) C:\WINDOWS\system32\pdfmona.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ C:\WINDOWS\system32\pdf995mon.dll
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 14:40 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Temp
2015-11-04 14:15 - 2010-09-05 12:15 - 01737484 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 14:14 - 2014-08-27 15:56 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2015-11-04 14:03 - 2014-06-03 20:55 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-04 14:03 - 2014-06-03 20:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-04 13:56 - 2014-06-04 19:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 13:55 - 2013-10-30 15:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-04 13:50 - 2014-11-18 09:10 - 00001700 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-11-04 13:50 - 2010-12-31 10:00 - 00819640 _____ C:\WINDOWS\setupapi.log
2015-11-04 13:47 - 2012-07-11 15:38 - 00000318 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-04 13:42 - 2015-05-30 10:25 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2015-11-04 13:41 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-04 13:40 - 2014-06-04 19:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 13:40 - 2014-03-06 22:25 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-04 13:40 - 2010-09-05 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-04 13:40 - 2010-09-05 03:58 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-04 13:40 - 2010-09-05 03:58 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-11-04 13:39 - 2013-01-15 20:27 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-04 13:39 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad
2015-11-04 13:39 - 2010-09-05 12:28 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-04 13:39 - 2010-09-05 12:18 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-11-04 13:39 - 2010-09-05 12:13 - 00000000 ____D C:\WINDOWS\Registration
2015-11-04 13:38 - 2014-02-05 06:16 - 00000000 ____D C:\sys7y6
2015-11-04 13:37 - 2013-06-30 21:56 - 03997696 _____ C:\WINDOWS\system32\config\ACVPN.evt
2015-11-04 13:37 - 2010-09-05 12:28 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-04 09:06 - 2014-10-02 17:46 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-11-02 21:47 - 2010-09-05 12:30 - 00000178 ___SH C:\Documents and Settings\Dad\ntuser.ini
2015-11-02 14:40 - 2015-02-17 22:36 - 00000000 ____D C:\Program Files\PokerStars
2015-11-01 06:53 - 2010-09-05 03:56 - 01407864 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-29 06:05 - 2010-09-05 03:55 - 00176737 _____ C:\WINDOWS\setupact.log
2015-10-26 17:14 - 2010-09-11 09:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-26 06:19 - 2012-11-15 17:22 - 00000000 ____D C:\Program Files\Savings Bond Wizard
2015-10-25 07:41 - 2013-08-12 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-25 07:35 - 2010-09-10 15:47 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-24 13:59 - 2001-08-23 06:00 - 00000618 _____ C:\WINDOWS\win.ini
2015-10-24 13:57 - 2010-09-05 12:13 - 00000063 _____ C:\WINDOWS\vbaddin.ini
2015-10-17 07:55 - 2013-10-30 15:41 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-17 07:55 - 2013-10-30 15:41 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-17 07:28 - 2014-03-07 20:11 - 00000000 ____D C:\Program Files\AT&T tReader
2015-10-14 11:33 - 2015-01-07 12:19 - 00003209 _____ C:\Documents and Settings\Dad\Desktop\myAT&T.lnk
2015-10-14 11:33 - 2015-01-07 12:19 - 00000000 ____D C:\Documents and Settings\Dad\Start Menu\Programs\AT&T Connect
2015-10-11 19:45 - 2011-05-03 16:54 - 00000000 ____D C:\Program Files\mIRC
2015-10-09 05:59 - 2011-09-12 16:05 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-08 14:00 - 2014-03-06 22:25 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
==================== Files in the root of some directories =======
2011-12-28 11:20 - 2011-12-28 11:20 - 0002528 _____ () C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
2011-12-14 17:16 - 2014-11-15 15:53 - 0003584 _____ () C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Dad\Local Settings\Temp\20130714052212265jniverify.dll
C:\Documents and Settings\Dad\Local Settings\Temp\20130714054412734jniverify.dll
C:\Documents and Settings\Dad\Local Settings\Temp\AMPing.exe
C:\Documents and Settings\Dad\Local Settings\Temp\BetOnline Updater.exe
C:\Documents and Settings\Dad\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\Dad\Local Settings\Temp\CSDJavaInstaller.dll
C:\Documents and Settings\Dad\Local Settings\Temp\CSDWebLaunch.exe
C:\Documents and Settings\Dad\Local Settings\Temp\cstub.exe
C:\Documents and Settings\Dad\Local Settings\Temp\dsHostCheckerSetup.exe
C:\Documents and Settings\Dad\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Full Flush Poker Updater.exe
C:\Documents and Settings\Dad\Local Settings\Temp\GdiPlus.dll
C:\Documents and Settings\Dad\Local Settings\Temp\GLF8.tmp.tbElf_.dll
C:\Documents and Settings\Dad\Local Settings\Temp\InstallerMessageBox.exe
C:\Documents and Settings\Dad\Local Settings\Temp\InstallManager_BAB_BAB.exe
C:\Documents and Settings\Dad\Local Settings\Temp\install_flashplayer14x32au_mssa_aaa_aih.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\mirc71.exe
C:\Documents and Settings\Dad\Local Settings\Temp\miunst_.exe
C:\Documents and Settings\Dad\Local Settings\Temp\NPSInstallerProxy.exe
C:\Documents and Settings\Dad\Local Settings\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Documents and Settings\Dad\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Dad\Local Settings\Temp\ose00001.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Relay.dll
C:\Documents and Settings\Dad\Local Settings\Temp\sbwcrv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Dad\Local Settings\Temp\tbWhit.dll
C:\Documents and Settings\Dad\Local Settings\Temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Dad\Local Settings\Temp\vlc-2.2.1-win32.exe
C:\Documents and Settings\Dad\Local Settings\Temp\wget.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-11-2015
Ran by Dad (2015-11-04 14:41:11)
Running from C:\Documents and Settings\Dad\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-09-05 18:17:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-926492609-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-926492609-839522115-1006 - Limited - Enabled)
Dad (S-1-5-21-1390067357-926492609-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad
Guest (S-1-5-21-1390067357-926492609-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-926492609-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1390067357-926492609-839522115-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Arcade Tournament Manager (HKLM\...\{E27E085D-DAEE-41D1-B047-42DC8A01F545}) (Version: 1.7.4.0 - Danesi Designs)
ArcSoft Camera Suite (HKLM\...\{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}) (Version: - )
Arduino (HKLM\...\Arduino) (Version: 1.6.3 - Arduino LLC)
AT&T Connect Participant Application v9.5.51 (HKLM\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Camera Window (Version: 4.0 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.0.0 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{2D6BDF3A-6BDB-4169-909F-E882F23AB795}) (Version: 4.0 - Canon)
Canon PhotoRecord (HKLM\...\PhotoRecord) (Version: - )
Canon PowerShot S45 WIA Driver (HKLM\...\InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}) (Version: 5.0.0 - Canon)
Canon Utilities FileViewerUtility 1.0 (HKLM\...\InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}) (Version: 1.0 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}) (Version: 3.1.8 - Canon)
Canon Utilities RemoteCapture 2.6 (HKLM\...\InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}) (Version: 2.6.0 - Your Company Name)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.00.00024 - CISRA)
Catan Online World (HKLM\...\Catan Online Welt) (Version: 3.728 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
eShield Browser Security (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\{5FD52900-79EB-488E-910D-DDFEB09AC8A6}) (Version: - eShield) <==== ATTENTION
FileViewerUtility 1.0 (Version: 1.0 - Canon) Hidden
Full Flush Poker 8.2 (HKLM\...\Full Flush Poker 8.2) (Version: 8.2.12.201509140800 - Full Flush Poker)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.1.3770 (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Illinois 2014 (HKLM\...\{1B7D02B3-464B-4870-83AF-9FC76A8C8554}) (Version: 1.14.3401 - HRB Technology, LLC.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5273 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Neoteris_Host_Checker) (Version: 7.1.0.18193 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LivePix 1.1 SE (HKLM\...\LivePix) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Max Loader 4.6r (HKLM\...\Max Loader_is1) (Version: - EETools, Inc.)
MeasureUp Certification Preparation (HKLM\...\InstallShield_{B9DF865A-C1BD-4DFD-9FF5-9CA5C6E23415}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (HKLM\...\InstallShield_{1B53F089-10BA-4538-B977-8CF8A5343E04}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (Version: 10.03 - MeasureUp Inc.) Hidden
MEET MANAGER 2.0 for Swimming (HKLM\...\{7CE480FF-5B49-490E-BC18-1C663ECC0B61}) (Version: 1.00.0001 - Sports-Tek Software)
MEET MANAGER 3.0 for Swimming (HKLM\...\{ED1D569E-3DA4-4D59-A1C2-80DFF72C962F}) (Version: 1.00.0001 - HY-TEK Sports Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Password Safe 1.7.1 (HKLM\...\{9886C963-FB48-4C58-8E75-64816F220D1D}) (Version: 1.7.1 - SBC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
PhotoStitch (Version: 3.1.8 - Canon) Hidden
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
Radiator (remove only) (HKLM\...\Radiator) (Version: - )
Radmin Viewer 3.4 (HKLM\...\{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}) (Version: 3.41.0000 - Famatech)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6106 - Realtek Semiconductor Corp.)
Remote Administrator v2.2 (HKLM\...\Remote Administrator v2.2) (Version: - )
RemoteCapture 2.6 (Version: 2.6.0 - Your Company Name) Hidden
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
ScanCraft CS-P (HKLM\...\ScanCraft CS-P) (Version: - )
SecureAuthOTP (HKLM\...\{21CBD08B-1E83-4D4B-B1FE-BB5424245BB5}) (Version: 1.11.0000 - SecureAuth)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartFTP Client 2.0 (HKLM\...\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}) (Version: 2.0.1000 - SmartFTP)
SmartFTP Client 2.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 2.0 Setup Files) (Version: "2.0" - "SmartFTP")
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioLine Photo (HKLM\...\StudioLine Photo) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll => No File
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Documents and Settings\Dad\Local Settings\Application Data\TNT2\2.0.0.1995\TNT2User.exe" => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
==================== Restore Points =========================
06-08-2015 21:33:44 System Checkpoint
06-08-2015 22:31:01 Software Distribution Service 3.0
07-08-2015 22:48:46 System Checkpoint
07-08-2015 23:35:54 Software Distribution Service 3.0
08-08-2015 22:14:06 Software Distribution Service 3.0
09-08-2015 22:37:28 Software Distribution Service 3.0
10-08-2015 06:48:03 Printer Driver PDF995 Printer Driver Installed
10-08-2015 22:19:20 Software Distribution Service 3.0
11-08-2015 21:04:01 avast! antivirus system restore point
11-08-2015 21:05:39 Installed Windows XP Wdf01009.
11-08-2015 22:03:06 Software Distribution Service 3.0
12-08-2015 21:55:05 Software Distribution Service 3.0
12-08-2015 23:14:20 Software Distribution Service 3.0
13-08-2015 21:48:31 Software Distribution Service 3.0
14-08-2015 05:24:09 Software Distribution Service 3.0
14-08-2015 22:43:58 Software Distribution Service 3.0
15-08-2015 23:08:27 System Checkpoint
16-08-2015 02:00:17 Software Distribution Service 3.0
16-08-2015 21:10:45 Software Distribution Service 3.0
17-08-2015 21:19:39 System Checkpoint
17-08-2015 21:37:32 Software Distribution Service 3.0
17-08-2015 22:00:48 Software Distribution Service 3.0
17-08-2015 22:32:23 Software Distribution Service 3.0
18-08-2015 21:47:58 Software Distribution Service 3.0
18-08-2015 21:55:59 Software Distribution Service 3.0
18-08-2015 22:16:55 Software Distribution Service 3.0
19-08-2015 05:48:08 Software Distribution Service 3.0
19-08-2015 06:18:04 Software Distribution Service 3.0
19-08-2015 06:25:38 Software Distribution Service 3.0
19-08-2015 19:24:33 Software Distribution Service 3.0
19-08-2015 19:55:52 Software Distribution Service 3.0
19-08-2015 21:43:31 Software Distribution Service 3.0
20-08-2015 21:29:27 Software Distribution Service 3.0
21-08-2015 22:15:46 Software Distribution Service 3.0
21-08-2015 22:18:40 Software Distribution Service 3.0
22-08-2015 22:45:35 System Checkpoint
23-08-2015 02:00:16 Software Distribution Service 3.0
23-08-2015 21:06:47 Software Distribution Service 3.0
24-08-2015 21:43:56 Software Distribution Service 3.0
24-08-2015 22:19:04 Software Distribution Service 3.0
25-08-2015 10:17:39 Software Distribution Service 3.0
25-08-2015 22:19:44 Software Distribution Service 3.0
26-08-2015 19:39:01 Software Distribution Service 3.0
26-08-2015 21:23:34 Software Distribution Service 3.0
27-08-2015 21:51:18 Software Distribution Service 3.0
28-08-2015 19:32:16 Software Distribution Service 3.0
28-08-2015 22:49:37 Software Distribution Service 3.0
29-08-2015 15:06:00 Software Distribution Service 3.0
30-08-2015 02:00:16 Software Distribution Service 3.0
30-08-2015 22:06:42 Software Distribution Service 3.0
31-08-2015 21:26:35 Software Distribution Service 3.0
01-09-2015 21:49:26 System Checkpoint
01-09-2015 22:00:56 Software Distribution Service 3.0
02-09-2015 21:35:59 Software Distribution Service 3.0
02-09-2015 21:42:06 Software Distribution Service 3.0
03-09-2015 07:35:43 Software Distribution Service 3.0
03-09-2015 07:42:52 Software Distribution Service 3.0
03-09-2015 22:02:08 Software Distribution Service 3.0
04-09-2015 22:01:23 Software Distribution Service 3.0
05-09-2015 22:06:04 Software Distribution Service 3.0
05-09-2015 22:11:03 Software Distribution Service 3.0
05-09-2015 22:16:39 Software Distribution Service 3.0
05-09-2015 22:18:13 Software Distribution Service 3.0
06-09-2015 11:27:13 Software Distribution Service 3.0
06-09-2015 22:03:20 Software Distribution Service 3.0
07-09-2015 22:08:30 Software Distribution Service 3.0
08-09-2015 21:53:50 Software Distribution Service 3.0
09-09-2015 21:20:20 Software Distribution Service 3.0
09-09-2015 21:22:30 Software Distribution Service 3.0
10-09-2015 05:02:39 Software Distribution Service 3.0
10-09-2015 22:18:21 Software Distribution Service 3.0
11-09-2015 22:21:48 Software Distribution Service 3.0
12-09-2015 22:49:51 Software Distribution Service 3.0
13-09-2015 22:17:29 Software Distribution Service 3.0
14-09-2015 08:01:30 Software Distribution Service 3.0
14-09-2015 08:18:31 Software Distribution Service 3.0
14-09-2015 09:27:38 Software Distribution Service 3.0
14-09-2015 09:46:20 Software Distribution Service 3.0
14-09-2015 10:00:52 Software Distribution Service 3.0
14-09-2015 20:01:00 Software Distribution Service 3.0
15-09-2015 20:11:08 System Checkpoint
15-09-2015 21:46:14 Software Distribution Service 3.0
16-09-2015 08:23:25 Software Distribution Service 3.0
16-09-2015 21:38:56 Software Distribution Service 3.0
17-09-2015 21:36:51 Software Distribution Service 3.0
18-09-2015 22:11:16 System Checkpoint
18-09-2015 22:13:45 Software Distribution Service 3.0
19-09-2015 21:03:09 Software Distribution Service 3.0
20-09-2015 06:04:34 Software Distribution Service 3.0
20-09-2015 22:36:11 Software Distribution Service 3.0
21-09-2015 09:21:00 Software Distribution Service 3.0
21-09-2015 09:28:43 Software Distribution Service 3.0
21-09-2015 09:29:24 Software Distribution Service 3.0
21-09-2015 10:42:42 Software Distribution Service 3.0
21-09-2015 21:05:13 Software Distribution Service 3.0
22-09-2015 21:48:01 Software Distribution Service 3.0
23-09-2015 07:40:23 Software Distribution Service 3.0
23-09-2015 21:48:45 Software Distribution Service 3.0
24-09-2015 05:01:25 Software Distribution Service 3.0
24-09-2015 22:16:34 Software Distribution Service 3.0
25-09-2015 21:00:01 Software Distribution Service 3.0
25-09-2015 21:02:39 Software Distribution Service 3.0
26-09-2015 05:09:09 Software Distribution Service 3.0
26-09-2015 21:49:19 Software Distribution Service 3.0
27-09-2015 22:46:30 Software Distribution Service 3.0
28-09-2015 21:37:54 Software Distribution Service 3.0
29-09-2015 20:38:46 Software Distribution Service 3.0
29-09-2015 21:44:19 Software Distribution Service 3.0
30-09-2015 20:07:52 Software Distribution Service 3.0
01-10-2015 20:12:48 System Checkpoint
01-10-2015 21:47:44 Software Distribution Service 3.0
02-10-2015 22:08:36 Software Distribution Service 3.0
03-10-2015 23:02:14 Software Distribution Service 3.0
04-10-2015 21:47:21 Software Distribution Service 3.0
06-10-2015 06:00:12 System Checkpoint
07-10-2015 06:37:02 System Checkpoint
08-10-2015 10:01:48 System Checkpoint
09-10-2015 10:37:38 System Checkpoint
10-10-2015 10:56:48 System Checkpoint
11-10-2015 11:07:52 System Checkpoint
12-10-2015 12:01:50 System Checkpoint
13-10-2015 13:00:19 System Checkpoint
14-10-2015 15:08:02 System Checkpoint
15-10-2015 15:09:19 System Checkpoint
17-10-2015 07:10:13 System Checkpoint
18-10-2015 07:58:04 System Checkpoint
19-10-2015 08:53:12 System Checkpoint
20-10-2015 09:00:04 System Checkpoint
21-10-2015 09:32:27 System Checkpoint
22-10-2015 19:48:01 System Checkpoint
24-10-2015 08:14:38 System Checkpoint
24-10-2015 13:56:12 Software Distribution Service 3.0
25-10-2015 07:23:03 Software Distribution Service 3.0
25-10-2015 07:25:08 Software Distribution Service 3.0
25-10-2015 07:35:03 Software Distribution Service 3.0
25-10-2015 07:53:53 Software Distribution Service 3.0
25-10-2015 08:26:12 Software Distribution Service 3.0
25-10-2015 08:39:05 Software Distribution Service 3.0
25-10-2015 21:47:11 Software Distribution Service 3.0
26-10-2015 05:25:03 Software Distribution Service 3.0
26-10-2015 17:13:54 Software Distribution Service 3.0
27-10-2015 17:23:22 System Checkpoint
28-10-2015 17:50:16 System Checkpoint
29-10-2015 18:35:42 System Checkpoint
31-10-2015 11:55:54 System Checkpoint
01-11-2015 14:10:18 System Checkpoint
02-11-2015 16:12:44 System Checkpoint
03-11-2015 18:02:17 System Checkpoint
04-11-2015 13:37:42 Restore Operation
04-11-2015 13:41:47 avast! antivirus system restore point
04-11-2015 13:50:21 Installed Windows XP Wdf01009.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-23 06:00 - 2015-08-04 05:58 - 00000859 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
144.160.5.48 missl9.vpn.att.com
144.160.7.171 usmiclient.vpn.att.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\3770\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\3770\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (Whitelisted) ==============
2014-03-12 14:53 - 2014-03-12 14:53 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-28 20:06 - 2015-08-11 21:04 - 00102864 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-28 20:06 - 2015-08-11 21:04 - 00123976 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-11-03 06:01 - 2015-11-03 06:01 - 03014608 _____ () C:\Program Files\Alwil Software\Avast5\defs\15110300\algo.dll
2015-11-04 13:51 - 2015-11-04 13:51 - 02989568 _____ () C:\Program Files\Alwil Software\Avast5\defs\15110400\algo.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-23 16:05 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2013-02-17 21:21 - 2012-11-28 11:50 - 00018856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-03-13 16:23 - 2015-05-28 20:07 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-03-07 20:11 - 2007-10-23 16:24 - 01304576 _____ () C:\Program Files\AT&T tReader\treader.exe
2014-03-07 20:11 - 2007-10-23 16:24 - 00434688 _____ () C:\Program Files\AT&T tReader\theme.dll
2015-10-17 07:55 - 2015-10-17 07:55 - 17599688 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\att.com -> hxxps://*.vpn.att.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fujitsu.com -> hxxps://sslvpn2.fai.fujitsu.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\measureup.com -> measureup.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.88.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe] => Enabled:SmartFTP Client 2.0
StandardProfile\AuthorizedApplications: [C:\Hy-Sport\SwMM2\SwimMM2.exe] => Enabled:Swim Meet Manager
StandardProfile\AuthorizedApplications: [D:\C_2010_09_04\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\NetAcquire\NetAcquire.exe] => Enabled:Play the Acquire board game on the Internet.
StandardProfile\AuthorizedApplications: [C:\Program Files\AT&T Global Network Client\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe] => Enabled:KTF MUSIC AoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe] => Enabled:KTF MUSIC VoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [D:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Lync Attendee\AttendeeCommunicator.exe] => Enabled:Lync Attendee
StandardProfile\AuthorizedApplications: [C:\Program Files\Arduino\java\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application, SystemIndex Catalog
Details:
0xc0041801 (0xc0041801)
Error: (10/30/2015 05:13:59 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7160.5000, stamp 55fb0b2c, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x178bcc58.
Error: (10/28/2015 06:00:46 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Application, SystemIndex Catalog
Error: (10/26/2015 10:28:52 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7155.5001mssp7en.dll14.0.7107.50001033ignoreonceNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7155.5001msgr3en.dll3.1.0.175191033ignoreonceNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7149.5000msgr3en.dll3.1.0.175191033acceptsuggestionNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7149.5000mssp7en.dll14.0.7107.50001033acceptcsssuggestionNILNILNILNIL
System errors:
=============
Error: (11/04/2015 01:41:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (11/04/2015 01:40:47 PM) (Source: 0) (EventID: 2) (User: )
Description:
Error: (11/04/2015 01:26:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Service Mgr SearchMoreKnow service hung on starting.
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (11/04/2015 01:24:26 PM) (Source: 0) (EventID: 2) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 83%
Total physical RAM: 2009.74 MB
Available physical RAM: 337.37 MB
Total Virtual: 3902.79 MB
Available Virtual: 2250.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:231.83 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:298.09 GB) (Free:118.69 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C5ABC5AB)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3F0C8D80)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-04 14:43:13
-----------------------------
14:43:13.515 OS Version: Windows 5.1.2600 Service Pack 3
14:43:13.515 Number of processors: 2 586 0x170A
14:43:13.515 ComputerName: JOE UserName: Dad
14:43:17.812 Initialize success
14:43:17.843 VM: initialized successfully
14:43:17.843 VM: Intel CPU virtualization not supported
14:43:30.000 AVAST engine defs: 15110400
14:43:38.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:43:38.968 Disk 0 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
14:43:38.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:43:38.984 Disk 1 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
14:43:39.171 Disk 0 MBR read successfully
14:43:39.171 Disk 0 MBR scan
14:43:39.296 Disk 0 Windows XP default MBR code
14:43:39.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
14:43:39.312 Disk 0 default boot code
14:43:39.312 Disk 0 scanning sectors +625137345
14:43:39.390 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:05.843 Service scanning
14:44:42.203 Modules scanning
14:44:42.218 Disk 0 trace - called modules:
14:44:42.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:44:42.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5dbab8]
14:44:42.234 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a60ef18]
14:44:42.234 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5f6d98]
14:44:45.578 AVAST engine scan C:\WINDOWS
14:45:40.781 AVAST engine scan C:\WINDOWS\system32
14:52:30.937 AVAST engine scan C:\WINDOWS\system32\drivers
14:53:08.515 AVAST engine scan C:\Documents and Settings\Dad
15:40:56.968 AVAST engine scan C:\Documents and Settings\All Users
15:45:07.546 Disk 0 statistics 2879708/0/0 @ 0.47 MB/s
15:45:07.562 Scan finished successfully
15:46:20.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\My Documents\Downloads\MBR.dat"
15:46:20.578 The log file has been saved successfully to "C:\Documents and Settings\Dad\My Documents\Downloads\aswMBR.txt"
(END LOGS)
On a Windows XP machine. Problems are an internet browser home page hi-jack, which also opens multiple sub-pages as soon as you go to any web site. Problems started when downloaded and ran the following software:
KeyFinderInstaller.exe (provides keys for installed software)
-and-
WiFiPasswordRevealerInstaller.exe (provides wifipasswords)
both this morning (11-4-2015).
both downloaded from www. magicaljellybean. com (NOT RECOMMENDED!)
One thing I wasn't sure of is whether to post the logs inline in this message or attach. The instructions mention both. I decided to do both. Below (and attached) are the three requested logs, in order:
FRST.txt
Addition.txt
aswMBR.txt
Any questions or actions to take, please let me know. Thank you,
Joe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-11-2015
Ran by Dad (administrator) on JOE (04-11-2015 14:39:15)
Running from C:\Documents and Settings\Dad\My Documents\Downloads
Loaded Profiles: Dad (Available Profiles: Dad & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\AT&T tReader\treader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [6111824 2015-08-25] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\Alwil Software\Avast5\setup\emupdate\7dd83ed3-c31e-4525-8913-8cfc68352e80.exe [183232 2015-11-04] (AVAST Software)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [treader.exe] => C:\Program Files\AT&T tReader\treader.exe [1304576 2007-10-23] ()
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-08-11] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{2C5F3C20-16B4-4DFC-A15E-75825F4A8998}: [DhcpNameServer] 192.168.88.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> Default = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> DefaultScope {40C1DB81-4E42-4296-B026-A44077934BA1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {40C1DB81-4E42-4296-B026-A44077934BA1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_en
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll => No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-08-11] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll => No File
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll No File
Toolbar: HKLM - No Name - {00011268-E188-40DF-A514-835FCD78B1BF} - No File
Toolbar: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} hxxps://gassl10.vpn.att.com/+CSCOL+/relayp.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://missl10.vpn.att.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://usmiclient.vpn.att.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFEScQ4IA11EDAVAJl8VVV1HGBgaeAxaTFpDRAUSd1oNUwgXFhNBNARaB0tXUUEeGGlxR1dMclBCMlpQLFYDRH5NL04=
FF DefaultSearchEngine: Default
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Default
FF Homepage: www.google.com (http://www.google.com)
FF Keyword.URL: hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0JUA5BQ1EWbQlbB19cFVEVeRQBWQwTDFYRJQkJVlpEEwRFdx9aFQQTR0cFME0FB18EURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1390067357-926492609-839522115-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dad\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-1390067357-926492609-839522115-1003: @tnt2npapi.com/Plugin -> C:\Documents and Settings\Dad\Local Settings\Application Data\TNT2\2.0.0.1995\npTNT2.dll [No File]
FF user.js: detected! => C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\user.js [2015-11-04]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\searchplugins\default.xml [2015-11-04]
FF SearchPlugin: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\searchplugins\search-simple.xml [2015-11-04]
FF Extension: SearchMoreKnow - C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296\Extensions\{44c81f55-fe84-4145-8f1c-0da2c7ea8500}.xpi [2015-11-03] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-11-04] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff => not found
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHcQgPUVsVFBgTI19eTA0VFwwOeQENAxQSE1ATcQ5bVAtARwIFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV0JUA5BQ1EWbQlbB19cFVEVeRQBWQwTDFYRJQkJVlpEEwRFdx9aFQQTQkcFME0FBloEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFEScQ4IA11EDAVAJl8VVV1HGBgaeAxaTFpDRAUSd1oNUwgXFhNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXQeU1BoLlZP
CHR Profile: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-18]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [146600 2015-08-11] (AVAST Software)
S3 r_server; C:\WINDOWS\system32\r_server.exe [724992 2004-08-06] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560528 2014-03-12] (Cisco Systems, Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [40304 2014-03-12] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58736 2014-03-12] (Cisco Systems, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-08-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-08-11] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-08-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-08-11] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-08-11] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-08-11] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-08-11] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
S4 DLPortIO; C:\WINDOWS\System32\DRIVERS\DLPortIO.sys [3584 1999-01-10] () [File not signed]
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R2 giveio; C:\WINDOWS\system32\drivers\giveio.sys [5248 1996-05-13] () [File not signed]
S3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
S3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 mirrorv3; C:\WINDOWS\System32\DRIVERS\rminiv3.sys [3328 2010-04-21] (Famatech International Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 oxmf; C:\WINDOWS\System32\DRIVERS\oxmf.sys [15779 2003-06-26] (Lite-On Technology Corporation.)
S3 Oxmfuf; C:\WINDOWS\System32\DRIVERS\oxmfuf.sys [5111 2003-06-26] (Lite-On Technology Corporation.)
R1 oxpar; C:\WINDOWS\System32\DRIVERS\oxpar.sys [76800 2003-12-25] (Lite-On Technology Corporation.)
S1 oxser; C:\WINDOWS\System32\DRIVERS\oxser.sys [51269 2003-06-26] (Lite-On Technology Corporation.)
S2 RadPciNT; C:\WINDOWS\system32\Drivers\RadPciNT.sys [9417 2000-04-24] (MediaForte Products Pte. Ltd.) [File not signed]
R2 ScFBPNT; C:\WINDOWS\system32\drivers\ScFBPNT.SYS [16288 2000-02-08] () [File not signed]
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
S2 USBRADIO; C:\WINDOWS\System32\Drivers\USBRADIO.sys [49444 2000-03-31] (GemTek Technology Co. LTD.) [File not signed]
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 avpnnic; system32\DRIVERS\avpnnic.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three Months Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 14:36 - 2015-11-04 14:39 - 00000000 ____D C:\FRST
2015-11-04 14:03 - 2015-11-04 14:03 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-11-04 13:50 - 2015-11-04 13:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-11-04 13:48 - 2015-11-04 13:48 - 00000000 ____D C:\WINDOWS\LastGood
2015-11-04 13:46 - 2015-08-11 21:04 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw256.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25D.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25F.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw260.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25B.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw261.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw258.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw25C.tmp
2015-11-04 13:46 - 2015-08-11 21:04 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw259.tmp
2015-11-04 13:44 - 2015-08-11 21:04 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-04 13:38 - 2015-11-04 14:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-04 07:49 - 2015-11-04 13:40 - 00000000 ____D C:\Program Files\Common Files\3a08aecf-996c-434c-872d-c3768a6d9134
2015-11-04 07:49 - 2015-11-04 13:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\3a08aecf-996c-434c-872d-c3768a6d9134
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Program Files\SearchMoreKnow
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Program Files\Magical Jelly Bean
2015-11-04 07:49 - 2015-11-04 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
2015-11-04 07:49 - 2015-11-04 07:49 - 00001222 _____ C:\search-simple.xml
2015-10-12 17:25 - 2015-10-12 17:26 - 00000149 _____ C:\Documents and Settings\Dad\Desktop\TV repair.url
2015-10-09 05:59 - 2015-10-09 05:58 - 00069908 ____H C:\WINDOWS\Minidump\Mini100915-01.dmp
2015-10-08 06:19 - 2015-10-08 06:18 - 00069908 ____H C:\WINDOWS\Minidump\Mini100815-01.dmp
2015-10-07 05:55 - 2015-10-07 05:51 - 00069908 ____H C:\WINDOWS\Minidump\Mini100715-01.dmp
2015-09-26 19:27 - 2015-09-26 19:27 - 00000000 ____D C:\Documents and Settings\Dad\Desktop\Old Firefox Data
2015-09-25 20:57 - 2015-09-25 20:57 - 00000118 _____ C:\Documents and Settings\Dad\Desktop\card odds.url
2015-09-24 09:14 - 2015-09-24 09:14 - 00000282 _____ C:\Documents and Settings\Dad\Desktop\cherry master.url
2015-09-22 08:03 - 2015-09-22 08:03 - 00000126 _____ C:\Documents and Settings\Dad\Desktop\A&A John Lewis.url
2015-09-19 11:07 - 2015-09-19 11:12 - 00000000 ____D C:\Documents and Settings\Dad\Application Data\dvdcss
2015-09-18 12:39 - 2015-09-18 12:39 - 00000135 _____ C:\Documents and Settings\Dad\Desktop\website forums3.url
2015-09-18 12:38 - 2015-09-18 12:38 - 00000164 _____ C:\Documents and Settings\Dad\Desktop\website forums.url
2015-09-18 12:38 - 2015-09-18 12:38 - 00000115 _____ C:\Documents and Settings\Dad\Desktop\website forums2.url
2015-09-17 14:20 - 2015-09-17 14:20 - 00000347 _____ C:\Documents and Settings\Dad\My Documents\.htaccess
2015-09-16 05:04 - 2015-09-16 05:04 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-16 05:03 - 2015-09-16 05:03 - 00000000 ____D C:\Documents and Settings\Dad\.oracle_jre_usage
2015-09-14 18:23 - 2015-09-18 08:39 - 00001692 _____ C:\Documents and Settings\All Users\Start Menu\Full Flush Poker 8.2.lnk
2015-09-14 18:23 - 2015-09-14 18:24 - 00000000 ____D C:\Program Files\Full Flush Poker 8.2
2015-09-14 18:23 - 2015-09-14 18:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Full Flush Poker 8.2
2015-08-29 11:03 - 2015-08-29 11:03 - 00000114 _____ C:\Documents and Settings\Dad\Desktop\D&D Surplus.url
2015-08-24 05:53 - 2015-08-24 05:53 - 00000126 _____ C:\Documents and Settings\Dad\Desktop\Quantum front glass.url
2015-08-23 12:19 - 2015-08-23 12:19 - 00000731 _____ C:\Documents and Settings\Dad\Desktop\VLC media player.lnk
2015-08-18 20:35 - 2015-08-18 20:35 - 00000130 _____ C:\Documents and Settings\Dad\Desktop\Windows.url
2015-08-12 17:07 - 2015-08-12 17:08 - 00000246 _____ C:\Documents and Settings\Dad\Desktop\recycle.url
2015-08-11 21:05 - 2015-08-11 21:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-08-11 21:05 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-08-11 21:04 - 2015-11-04 13:50 - 00130612 _____ C:\WINDOWS\Wdf01009Inst.log
2015-08-11 21:04 - 2015-08-11 21:04 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-08-11 21:04 - 2015-08-11 21:04 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-10 07:31 - 2015-08-10 07:32 - 00000000 ____D C:\Documents and Settings\Dad\Application Data\pdf995
2015-08-10 07:31 - 2015-08-10 07:31 - 00000028 _____ C:\WINDOWS\pdf995.ini
2015-08-10 07:31 - 2015-08-10 07:31 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Application Data\pdf995
2015-08-10 06:48 - 2007-08-24 10:13 - 00000142 _____ C:\WINDOWS\wpd99.drv
2015-08-10 06:47 - 2015-11-04 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\pdf995
2015-08-10 06:47 - 2015-08-10 06:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Software995
2015-08-10 06:47 - 2015-08-10 06:47 - 01667072 _____ (TODO: <Company name>) C:\WINDOWS\system32\pdfmona.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ C:\WINDOWS\system32\pdf995mon.dll
==================== Three Months Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-04 14:40 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Temp
2015-11-04 14:15 - 2010-09-05 12:15 - 01737484 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 14:14 - 2014-08-27 15:56 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2015-11-04 14:03 - 2014-06-03 20:55 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-04 14:03 - 2014-06-03 20:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-04 13:56 - 2014-06-04 19:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 13:55 - 2013-10-30 15:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-04 13:50 - 2014-11-18 09:10 - 00001700 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-11-04 13:50 - 2010-12-31 10:00 - 00819640 _____ C:\WINDOWS\setupapi.log
2015-11-04 13:47 - 2012-07-11 15:38 - 00000318 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-11-04 13:42 - 2015-05-30 10:25 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2015-11-04 13:41 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-04 13:40 - 2014-06-04 19:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 13:40 - 2014-03-06 22:25 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-11-04 13:40 - 2010-09-05 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-04 13:40 - 2010-09-05 03:58 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-04 13:40 - 2010-09-05 03:58 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-11-04 13:39 - 2013-01-15 20:27 - 00000000 ____D C:\Documents and Settings\Administrator
2015-11-04 13:39 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad
2015-11-04 13:39 - 2010-09-05 12:28 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-04 13:39 - 2010-09-05 12:18 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-11-04 13:39 - 2010-09-05 12:13 - 00000000 ____D C:\WINDOWS\Registration
2015-11-04 13:38 - 2014-02-05 06:16 - 00000000 ____D C:\sys7y6
2015-11-04 13:37 - 2013-06-30 21:56 - 03997696 _____ C:\WINDOWS\system32\config\ACVPN.evt
2015-11-04 13:37 - 2010-09-05 12:28 - 00032640 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-04 09:06 - 2014-10-02 17:46 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-11-02 21:47 - 2010-09-05 12:30 - 00000178 ___SH C:\Documents and Settings\Dad\ntuser.ini
2015-11-02 14:40 - 2015-02-17 22:36 - 00000000 ____D C:\Program Files\PokerStars
2015-11-01 06:53 - 2010-09-05 03:56 - 01407864 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-29 06:05 - 2010-09-05 03:55 - 00176737 _____ C:\WINDOWS\setupact.log
2015-10-26 17:14 - 2010-09-11 09:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-10-26 06:19 - 2012-11-15 17:22 - 00000000 ____D C:\Program Files\Savings Bond Wizard
2015-10-25 07:41 - 2013-08-12 18:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-25 07:35 - 2010-09-10 15:47 - 141105520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-24 13:59 - 2001-08-23 06:00 - 00000618 _____ C:\WINDOWS\win.ini
2015-10-24 13:57 - 2010-09-05 12:13 - 00000063 _____ C:\WINDOWS\vbaddin.ini
2015-10-17 07:55 - 2013-10-30 15:41 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-10-17 07:55 - 2013-10-30 15:41 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-10-17 07:28 - 2014-03-07 20:11 - 00000000 ____D C:\Program Files\AT&T tReader
2015-10-14 11:33 - 2015-01-07 12:19 - 00003209 _____ C:\Documents and Settings\Dad\Desktop\myAT&T.lnk
2015-10-14 11:33 - 2015-01-07 12:19 - 00000000 ____D C:\Documents and Settings\Dad\Start Menu\Programs\AT&T Connect
2015-10-11 19:45 - 2011-05-03 16:54 - 00000000 ____D C:\Program Files\mIRC
2015-10-09 05:59 - 2011-09-12 16:05 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-08 14:00 - 2014-03-06 22:25 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
==================== Files in the root of some directories =======
2011-12-28 11:20 - 2011-12-28 11:20 - 0002528 _____ () C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
2011-12-14 17:16 - 2014-11-15 15:53 - 0003584 _____ () C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Dad\Local Settings\Temp\20130714052212265jniverify.dll
C:\Documents and Settings\Dad\Local Settings\Temp\20130714054412734jniverify.dll
C:\Documents and Settings\Dad\Local Settings\Temp\AMPing.exe
C:\Documents and Settings\Dad\Local Settings\Temp\BetOnline Updater.exe
C:\Documents and Settings\Dad\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\Dad\Local Settings\Temp\CSDJavaInstaller.dll
C:\Documents and Settings\Dad\Local Settings\Temp\CSDWebLaunch.exe
C:\Documents and Settings\Dad\Local Settings\Temp\cstub.exe
C:\Documents and Settings\Dad\Local Settings\Temp\dsHostCheckerSetup.exe
C:\Documents and Settings\Dad\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Full Flush Poker Updater.exe
C:\Documents and Settings\Dad\Local Settings\Temp\GdiPlus.dll
C:\Documents and Settings\Dad\Local Settings\Temp\GLF8.tmp.tbElf_.dll
C:\Documents and Settings\Dad\Local Settings\Temp\InstallerMessageBox.exe
C:\Documents and Settings\Dad\Local Settings\Temp\InstallManager_BAB_BAB.exe
C:\Documents and Settings\Dad\Local Settings\Temp\install_flashplayer14x32au_mssa_aaa_aih.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u32-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u11-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Dad\Local Settings\Temp\mirc71.exe
C:\Documents and Settings\Dad\Local Settings\Temp\miunst_.exe
C:\Documents and Settings\Dad\Local Settings\Temp\NPSInstallerProxy.exe
C:\Documents and Settings\Dad\Local Settings\Temp\NPSInstallerProxyMessageBoxHookDll.dll
C:\Documents and Settings\Dad\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Dad\Local Settings\Temp\ose00001.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Dad\Local Settings\Temp\Relay.dll
C:\Documents and Settings\Dad\Local Settings\Temp\sbwcrv.exe
C:\Documents and Settings\Dad\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Dad\Local Settings\Temp\tbWhit.dll
C:\Documents and Settings\Dad\Local Settings\Temp\vlc-2.1.5-win32.exe
C:\Documents and Settings\Dad\Local Settings\Temp\vlc-2.2.1-win32.exe
C:\Documents and Settings\Dad\Local Settings\Temp\wget.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-11-2015
Ran by Dad (2015-11-04 14:41:11)
Running from C:\Documents and Settings\Dad\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-09-05 18:17:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-926492609-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-926492609-839522115-1006 - Limited - Enabled)
Dad (S-1-5-21-1390067357-926492609-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad
Guest (S-1-5-21-1390067357-926492609-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-926492609-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1390067357-926492609-839522115-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Arcade Tournament Manager (HKLM\...\{E27E085D-DAEE-41D1-B047-42DC8A01F545}) (Version: 1.7.4.0 - Danesi Designs)
ArcSoft Camera Suite (HKLM\...\{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}) (Version: - )
Arduino (HKLM\...\Arduino) (Version: 1.6.3 - Arduino LLC)
AT&T Connect Participant Application v9.5.51 (HKLM\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2225 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
Camera Window (Version: 4.0 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.0.0 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{2D6BDF3A-6BDB-4169-909F-E882F23AB795}) (Version: 4.0 - Canon)
Canon PhotoRecord (HKLM\...\PhotoRecord) (Version: - )
Canon PowerShot S45 WIA Driver (HKLM\...\InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}) (Version: 5.0.0 - Canon)
Canon Utilities FileViewerUtility 1.0 (HKLM\...\InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}) (Version: 1.0 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}) (Version: 3.1.8 - Canon)
Canon Utilities RemoteCapture 2.6 (HKLM\...\InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}) (Version: 2.6.0 - Your Company Name)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.00.00024 - CISRA)
Catan Online World (HKLM\...\Catan Online Welt) (Version: 3.728 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
eShield Browser Security (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\{5FD52900-79EB-488E-910D-DDFEB09AC8A6}) (Version: - eShield) <==== ATTENTION
FileViewerUtility 1.0 (Version: 1.0 - Canon) Hidden
Full Flush Poker 8.2 (HKLM\...\Full Flush Poker 8.2) (Version: 8.2.12.201509140800 - Full Flush Poker)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.1.3770 (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Illinois 2014 (HKLM\...\{1B7D02B3-464B-4870-83AF-9FC76A8C8554}) (Version: 1.14.3401 - HRB Technology, LLC.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5273 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Neoteris_Host_Checker) (Version: 7.1.0.18193 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LivePix 1.1 SE (HKLM\...\LivePix) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Max Loader 4.6r (HKLM\...\Max Loader_is1) (Version: - EETools, Inc.)
MeasureUp Certification Preparation (HKLM\...\InstallShield_{B9DF865A-C1BD-4DFD-9FF5-9CA5C6E23415}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (HKLM\...\InstallShield_{1B53F089-10BA-4538-B977-8CF8A5343E04}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (Version: 10.03 - MeasureUp Inc.) Hidden
MEET MANAGER 2.0 for Swimming (HKLM\...\{7CE480FF-5B49-490E-BC18-1C663ECC0B61}) (Version: 1.00.0001 - Sports-Tek Software)
MEET MANAGER 3.0 for Swimming (HKLM\...\{ED1D569E-3DA4-4D59-A1C2-80DFF72C962F}) (Version: 1.00.0001 - HY-TEK Sports Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Password Safe 1.7.1 (HKLM\...\{9886C963-FB48-4C58-8E75-64816F220D1D}) (Version: 1.7.1 - SBC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
PhotoStitch (Version: 3.1.8 - Canon) Hidden
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
Radiator (remove only) (HKLM\...\Radiator) (Version: - )
Radmin Viewer 3.4 (HKLM\...\{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}) (Version: 3.41.0000 - Famatech)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6106 - Realtek Semiconductor Corp.)
Remote Administrator v2.2 (HKLM\...\Remote Administrator v2.2) (Version: - )
RemoteCapture 2.6 (Version: 2.6.0 - Your Company Name) Hidden
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
ScanCraft CS-P (HKLM\...\ScanCraft CS-P) (Version: - )
SecureAuthOTP (HKLM\...\{21CBD08B-1E83-4D4B-B1FE-BB5424245BB5}) (Version: 1.11.0000 - SecureAuth)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartFTP Client 2.0 (HKLM\...\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}) (Version: 2.0.1000 - SmartFTP)
SmartFTP Client 2.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 2.0 Setup Files) (Version: "2.0" - "SmartFTP")
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioLine Photo (HKLM\...\StudioLine Photo) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}\InprocServer32 -> C:\Program Files\TNT2\TNT2UserPS.dll => No File
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{554EBE31-AEC1-4E34-BCE3-606467760D88}\localserver32 -> "C:\Documents and Settings\Dad\Local Settings\Application Data\TNT2\2.0.0.1995\TNT2User.exe" => No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
==================== Restore Points =========================
06-08-2015 21:33:44 System Checkpoint
06-08-2015 22:31:01 Software Distribution Service 3.0
07-08-2015 22:48:46 System Checkpoint
07-08-2015 23:35:54 Software Distribution Service 3.0
08-08-2015 22:14:06 Software Distribution Service 3.0
09-08-2015 22:37:28 Software Distribution Service 3.0
10-08-2015 06:48:03 Printer Driver PDF995 Printer Driver Installed
10-08-2015 22:19:20 Software Distribution Service 3.0
11-08-2015 21:04:01 avast! antivirus system restore point
11-08-2015 21:05:39 Installed Windows XP Wdf01009.
11-08-2015 22:03:06 Software Distribution Service 3.0
12-08-2015 21:55:05 Software Distribution Service 3.0
12-08-2015 23:14:20 Software Distribution Service 3.0
13-08-2015 21:48:31 Software Distribution Service 3.0
14-08-2015 05:24:09 Software Distribution Service 3.0
14-08-2015 22:43:58 Software Distribution Service 3.0
15-08-2015 23:08:27 System Checkpoint
16-08-2015 02:00:17 Software Distribution Service 3.0
16-08-2015 21:10:45 Software Distribution Service 3.0
17-08-2015 21:19:39 System Checkpoint
17-08-2015 21:37:32 Software Distribution Service 3.0
17-08-2015 22:00:48 Software Distribution Service 3.0
17-08-2015 22:32:23 Software Distribution Service 3.0
18-08-2015 21:47:58 Software Distribution Service 3.0
18-08-2015 21:55:59 Software Distribution Service 3.0
18-08-2015 22:16:55 Software Distribution Service 3.0
19-08-2015 05:48:08 Software Distribution Service 3.0
19-08-2015 06:18:04 Software Distribution Service 3.0
19-08-2015 06:25:38 Software Distribution Service 3.0
19-08-2015 19:24:33 Software Distribution Service 3.0
19-08-2015 19:55:52 Software Distribution Service 3.0
19-08-2015 21:43:31 Software Distribution Service 3.0
20-08-2015 21:29:27 Software Distribution Service 3.0
21-08-2015 22:15:46 Software Distribution Service 3.0
21-08-2015 22:18:40 Software Distribution Service 3.0
22-08-2015 22:45:35 System Checkpoint
23-08-2015 02:00:16 Software Distribution Service 3.0
23-08-2015 21:06:47 Software Distribution Service 3.0
24-08-2015 21:43:56 Software Distribution Service 3.0
24-08-2015 22:19:04 Software Distribution Service 3.0
25-08-2015 10:17:39 Software Distribution Service 3.0
25-08-2015 22:19:44 Software Distribution Service 3.0
26-08-2015 19:39:01 Software Distribution Service 3.0
26-08-2015 21:23:34 Software Distribution Service 3.0
27-08-2015 21:51:18 Software Distribution Service 3.0
28-08-2015 19:32:16 Software Distribution Service 3.0
28-08-2015 22:49:37 Software Distribution Service 3.0
29-08-2015 15:06:00 Software Distribution Service 3.0
30-08-2015 02:00:16 Software Distribution Service 3.0
30-08-2015 22:06:42 Software Distribution Service 3.0
31-08-2015 21:26:35 Software Distribution Service 3.0
01-09-2015 21:49:26 System Checkpoint
01-09-2015 22:00:56 Software Distribution Service 3.0
02-09-2015 21:35:59 Software Distribution Service 3.0
02-09-2015 21:42:06 Software Distribution Service 3.0
03-09-2015 07:35:43 Software Distribution Service 3.0
03-09-2015 07:42:52 Software Distribution Service 3.0
03-09-2015 22:02:08 Software Distribution Service 3.0
04-09-2015 22:01:23 Software Distribution Service 3.0
05-09-2015 22:06:04 Software Distribution Service 3.0
05-09-2015 22:11:03 Software Distribution Service 3.0
05-09-2015 22:16:39 Software Distribution Service 3.0
05-09-2015 22:18:13 Software Distribution Service 3.0
06-09-2015 11:27:13 Software Distribution Service 3.0
06-09-2015 22:03:20 Software Distribution Service 3.0
07-09-2015 22:08:30 Software Distribution Service 3.0
08-09-2015 21:53:50 Software Distribution Service 3.0
09-09-2015 21:20:20 Software Distribution Service 3.0
09-09-2015 21:22:30 Software Distribution Service 3.0
10-09-2015 05:02:39 Software Distribution Service 3.0
10-09-2015 22:18:21 Software Distribution Service 3.0
11-09-2015 22:21:48 Software Distribution Service 3.0
12-09-2015 22:49:51 Software Distribution Service 3.0
13-09-2015 22:17:29 Software Distribution Service 3.0
14-09-2015 08:01:30 Software Distribution Service 3.0
14-09-2015 08:18:31 Software Distribution Service 3.0
14-09-2015 09:27:38 Software Distribution Service 3.0
14-09-2015 09:46:20 Software Distribution Service 3.0
14-09-2015 10:00:52 Software Distribution Service 3.0
14-09-2015 20:01:00 Software Distribution Service 3.0
15-09-2015 20:11:08 System Checkpoint
15-09-2015 21:46:14 Software Distribution Service 3.0
16-09-2015 08:23:25 Software Distribution Service 3.0
16-09-2015 21:38:56 Software Distribution Service 3.0
17-09-2015 21:36:51 Software Distribution Service 3.0
18-09-2015 22:11:16 System Checkpoint
18-09-2015 22:13:45 Software Distribution Service 3.0
19-09-2015 21:03:09 Software Distribution Service 3.0
20-09-2015 06:04:34 Software Distribution Service 3.0
20-09-2015 22:36:11 Software Distribution Service 3.0
21-09-2015 09:21:00 Software Distribution Service 3.0
21-09-2015 09:28:43 Software Distribution Service 3.0
21-09-2015 09:29:24 Software Distribution Service 3.0
21-09-2015 10:42:42 Software Distribution Service 3.0
21-09-2015 21:05:13 Software Distribution Service 3.0
22-09-2015 21:48:01 Software Distribution Service 3.0
23-09-2015 07:40:23 Software Distribution Service 3.0
23-09-2015 21:48:45 Software Distribution Service 3.0
24-09-2015 05:01:25 Software Distribution Service 3.0
24-09-2015 22:16:34 Software Distribution Service 3.0
25-09-2015 21:00:01 Software Distribution Service 3.0
25-09-2015 21:02:39 Software Distribution Service 3.0
26-09-2015 05:09:09 Software Distribution Service 3.0
26-09-2015 21:49:19 Software Distribution Service 3.0
27-09-2015 22:46:30 Software Distribution Service 3.0
28-09-2015 21:37:54 Software Distribution Service 3.0
29-09-2015 20:38:46 Software Distribution Service 3.0
29-09-2015 21:44:19 Software Distribution Service 3.0
30-09-2015 20:07:52 Software Distribution Service 3.0
01-10-2015 20:12:48 System Checkpoint
01-10-2015 21:47:44 Software Distribution Service 3.0
02-10-2015 22:08:36 Software Distribution Service 3.0
03-10-2015 23:02:14 Software Distribution Service 3.0
04-10-2015 21:47:21 Software Distribution Service 3.0
06-10-2015 06:00:12 System Checkpoint
07-10-2015 06:37:02 System Checkpoint
08-10-2015 10:01:48 System Checkpoint
09-10-2015 10:37:38 System Checkpoint
10-10-2015 10:56:48 System Checkpoint
11-10-2015 11:07:52 System Checkpoint
12-10-2015 12:01:50 System Checkpoint
13-10-2015 13:00:19 System Checkpoint
14-10-2015 15:08:02 System Checkpoint
15-10-2015 15:09:19 System Checkpoint
17-10-2015 07:10:13 System Checkpoint
18-10-2015 07:58:04 System Checkpoint
19-10-2015 08:53:12 System Checkpoint
20-10-2015 09:00:04 System Checkpoint
21-10-2015 09:32:27 System Checkpoint
22-10-2015 19:48:01 System Checkpoint
24-10-2015 08:14:38 System Checkpoint
24-10-2015 13:56:12 Software Distribution Service 3.0
25-10-2015 07:23:03 Software Distribution Service 3.0
25-10-2015 07:25:08 Software Distribution Service 3.0
25-10-2015 07:35:03 Software Distribution Service 3.0
25-10-2015 07:53:53 Software Distribution Service 3.0
25-10-2015 08:26:12 Software Distribution Service 3.0
25-10-2015 08:39:05 Software Distribution Service 3.0
25-10-2015 21:47:11 Software Distribution Service 3.0
26-10-2015 05:25:03 Software Distribution Service 3.0
26-10-2015 17:13:54 Software Distribution Service 3.0
27-10-2015 17:23:22 System Checkpoint
28-10-2015 17:50:16 System Checkpoint
29-10-2015 18:35:42 System Checkpoint
31-10-2015 11:55:54 System Checkpoint
01-11-2015 14:10:18 System Checkpoint
02-11-2015 16:12:44 System Checkpoint
03-11-2015 18:02:17 System Checkpoint
04-11-2015 13:37:42 Restore Operation
04-11-2015 13:41:47 avast! antivirus system restore point
04-11-2015 13:50:21 Installed Windows XP Wdf01009.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-23 06:00 - 2015-08-04 05:58 - 00000859 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
144.160.5.48 missl9.vpn.att.com
144.160.7.171 usmiclient.vpn.att.com
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\3770\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\3770\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Loaded Modules (Whitelisted) ==============
2014-03-12 14:53 - 2014-03-12 14:53 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-28 20:06 - 2015-08-11 21:04 - 00102864 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-28 20:06 - 2015-08-11 21:04 - 00123976 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2015-11-03 06:01 - 2015-11-03 06:01 - 03014608 _____ () C:\Program Files\Alwil Software\Avast5\defs\15110300\algo.dll
2015-11-04 13:51 - 2015-11-04 13:51 - 02989568 _____ () C:\Program Files\Alwil Software\Avast5\defs\15110400\algo.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-23 16:05 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2013-02-17 21:21 - 2012-11-28 11:50 - 00018856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-03-13 16:23 - 2015-05-28 20:07 - 40540672 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2014-03-07 20:11 - 2007-10-23 16:24 - 01304576 _____ () C:\Program Files\AT&T tReader\treader.exe
2014-03-07 20:11 - 2007-10-23 16:24 - 00434688 _____ () C:\Program Files\AT&T tReader\theme.dll
2015-10-17 07:55 - 2015-10-17 07:55 - 17599688 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\att.com -> hxxps://*.vpn.att.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fujitsu.com -> hxxps://sslvpn2.fai.fujitsu.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\measureup.com -> measureup.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.88.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe] => Enabled:SmartFTP Client 2.0
StandardProfile\AuthorizedApplications: [C:\Hy-Sport\SwMM2\SwimMM2.exe] => Enabled:Swim Meet Manager
StandardProfile\AuthorizedApplications: [D:\C_2010_09_04\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\NetAcquire\NetAcquire.exe] => Enabled:Play the Acquire board game on the Internet.
StandardProfile\AuthorizedApplications: [C:\Program Files\AT&T Global Network Client\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe] => Enabled:KTF MUSIC AoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe] => Enabled:KTF MUSIC VoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [D:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Lync Attendee\AttendeeCommunicator.exe] => Enabled:Lync Attendee
StandardProfile\AuthorizedApplications: [C:\Program Files\Arduino\java\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
The content index cannot be read. (0xc0041800)
Error: (11/04/2015 01:40:51 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.
Context: Windows Application, SystemIndex Catalog
Details:
0xc0041801 (0xc0041801)
Error: (10/30/2015 05:13:59 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7160.5000, stamp 55fb0b2c, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x178bcc58.
Error: (10/28/2015 06:00:46 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
Context: Application, SystemIndex Catalog
Error: (10/26/2015 10:28:52 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7155.5001mssp7en.dll14.0.7107.50001033ignoreonceNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7155.5001msgr3en.dll3.1.0.175191033ignoreonceNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7149.5000msgr3en.dll3.1.0.175191033acceptsuggestionNILNILNILNIL
Error: (10/26/2015 10:28:51 AM) (Source: Office12ProofingTools) (EventID: 5000) (User: )
Description: office12proofingtoolswinword.exe14.0.7149.5000mssp7en.dll14.0.7107.50001033acceptcsssuggestionNILNILNILNIL
System errors:
=============
Error: (11/04/2015 01:41:12 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (11/04/2015 01:40:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (11/04/2015 01:40:47 PM) (Source: 0) (EventID: 2) (User: )
Description:
Error: (11/04/2015 01:26:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Service Mgr SearchMoreKnow service hung on starting.
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (11/04/2015 01:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (11/04/2015 01:24:26 PM) (Source: 0) (EventID: 2) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 83%
Total physical RAM: 2009.74 MB
Available physical RAM: 337.37 MB
Total Virtual: 3902.79 MB
Available Virtual: 2250.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:231.83 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:298.09 GB) (Free:118.69 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C5ABC5AB)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3F0C8D80)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-11-04 14:43:13
-----------------------------
14:43:13.515 OS Version: Windows 5.1.2600 Service Pack 3
14:43:13.515 Number of processors: 2 586 0x170A
14:43:13.515 ComputerName: JOE UserName: Dad
14:43:17.812 Initialize success
14:43:17.843 VM: initialized successfully
14:43:17.843 VM: Intel CPU virtualization not supported
14:43:30.000 AVAST engine defs: 15110400
14:43:38.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
14:43:38.968 Disk 0 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
14:43:38.984 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
14:43:38.984 Disk 1 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
14:43:39.171 Disk 0 MBR read successfully
14:43:39.171 Disk 0 MBR scan
14:43:39.296 Disk 0 Windows XP default MBR code
14:43:39.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
14:43:39.312 Disk 0 default boot code
14:43:39.312 Disk 0 scanning sectors +625137345
14:43:39.390 Disk 0 scanning C:\WINDOWS\system32\drivers
14:44:05.843 Service scanning
14:44:42.203 Modules scanning
14:44:42.218 Disk 0 trace - called modules:
14:44:42.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
14:44:42.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5dbab8]
14:44:42.234 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a60ef18]
14:44:42.234 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5f6d98]
14:44:45.578 AVAST engine scan C:\WINDOWS
14:45:40.781 AVAST engine scan C:\WINDOWS\system32
14:52:30.937 AVAST engine scan C:\WINDOWS\system32\drivers
14:53:08.515 AVAST engine scan C:\Documents and Settings\Dad
15:40:56.968 AVAST engine scan C:\Documents and Settings\All Users
15:45:07.546 Disk 0 statistics 2879708/0/0 @ 0.47 MB/s
15:45:07.562 Scan finished successfully
15:46:20.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\My Documents\Downloads\MBR.dat"
15:46:20.578 The log file has been saved successfully to "C:\Documents and Settings\Dad\My Documents\Downloads\aswMBR.txt"
(END LOGS)