joemagiera
2016-01-13, 02:34
On a Windows XP machine. Problem is an internet browser home page hijack. Problems started when I downloaded what I thought was a safe MS Excel template, about 4PM (central), 1-12-2016.
Below are the three requested logs, in order:
FRST.txt
Addition.txt
aswMBR.txt
Any questions or actions to take, please let me know. Please help. Thank you,
Joe
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by Dad (administrator) on JOE (12-01-2016 17:20:35)
Running from C:\Documents and Settings\Dad\Desktop\virus-fix
Loaded Profiles: Dad (Available Profiles: Dad & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-05-07] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [7021880 2015-12-16] (AVAST Software)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [treader.exe] => C:\Program Files\AT&T tReader\treader.exe [1304576 2007-10-23] ()
HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\All Users\Application Data\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2015-12-16] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1
Tcpip\..\Interfaces\{2C5F3C20-16B4-4DFC-A15E-75825F4A8998}: [DhcpNameServer] 192.168.88.1
Internet Explorer:
==================
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-968125b7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-968125b7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-968125b7&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-926492609-839522115-1003 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2015-12-16] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll => No File
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} hxxps://gassl10.vpn.att.com/+CSCOL+/relayp.cab
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://missl10.vpn.att.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} hxxps://usmiclient.vpn.att.com/CACHE/stc/3/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} hxxps://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2011-08-10] (Belarc, Inc.)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\itss.dll [2005-05-26] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\81ilz7pn.default-1443317241296
FF DefaultSearchEngine: Default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Default
FF Homepage: hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-968125b7
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1390067357-926492609-839522115-1003: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Dad\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-08-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npatgpc.dll [2015-02-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Dad\Application Data\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015-12-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2015-12-16]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-968125b7
CHR StartupUrls: Default -> "hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-968125b7"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=INCOH2&PC=IC03&PTAG=ICO-968125b7&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Search Provided by Bing.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-12-16]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [226440 2015-12-16] (AVAST Software)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [560528 2014-03-12] (Cisco Systems, Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 acsint; C:\WINDOWS\System32\DRIVERS\acsint.sys [40304 2014-03-12] (Cisco Systems, Inc.)
S3 acsmux; C:\WINDOWS\System32\DRIVERS\acsmux.sys [58736 2014-03-12] (Cisco Systems, Inc.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-12-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [81168 2015-12-18] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-12-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-12-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-12-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [436360 2015-12-18] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [165104 2015-12-16] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [58016 2015-12-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209432 2015-12-16] (AVAST Software)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2011-08-09] () [File not signed]
S3 CVirtA; C:\WINDOWS\System32\DRIVERS\CVirtA.sys [5315 2005-05-17] (Cisco Systems, Inc.)
S4 DLPortIO; C:\WINDOWS\System32\DRIVERS\DLPortIO.sys [3584 1999-01-10] () [File not signed]
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R2 giveio; C:\WINDOWS\system32\drivers\giveio.sys [5248 1996-05-13] () [File not signed]
S3 HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [907456 2001-08-17] (Conexant)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-11-05] (Malwarebytes)
S3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 mirrorv3; C:\WINDOWS\System32\DRIVERS\rminiv3.sys [3328 2010-04-21] (Famatech International Corp.)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R1 oxmf; C:\WINDOWS\System32\DRIVERS\oxmf.sys [15779 2003-06-26] (Lite-On Technology Corporation.)
S3 Oxmfuf; C:\WINDOWS\System32\DRIVERS\oxmfuf.sys [5111 2003-06-26] (Lite-On Technology Corporation.)
R1 oxpar; C:\WINDOWS\System32\DRIVERS\oxpar.sys [76800 2003-12-25] (Lite-On Technology Corporation.)
S1 oxser; C:\WINDOWS\System32\DRIVERS\oxser.sys [51269 2003-06-26] (Lite-On Technology Corporation.)
S2 RadPciNT; C:\WINDOWS\system32\Drivers\RadPciNT.sys [9417 2000-04-24] (MediaForte Products Pte. Ltd.) [File not signed]
R2 ScFBPNT; C:\WINDOWS\system32\drivers\ScFBPNT.SYS [16288 2000-02-08] () [File not signed]
R3 teamviewervpn; C:\WINDOWS\System32\DRIVERS\teamviewervpn.sys [25088 2012-11-28] (TeamViewer GmbH)
S2 USBRADIO; C:\WINDOWS\System32\Drivers\USBRADIO.sys [49444 2000-03-31] (GemTek Technology Co. LTD.) [File not signed]
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 avpnnic; system32\DRIVERS\avpnnic.sys [X]
S3 eapihdrv; \??\C:\DOCUME~1\Dad\LOCALS~1\Temp\ehdrv.sys [X]
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-12 17:20 - 2016-01-12 17:20 - 00000000 ____D C:\FRST
2016-01-12 17:10 - 2016-01-12 17:09 - 00069908 ____H C:\WINDOWS\Minidump\Mini011216-01.dmp
2016-01-12 17:08 - 2016-01-12 17:08 - 00000000 ____D C:\RegBackup
2016-01-12 17:07 - 2016-01-12 17:07 - 00015884 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-12 17:07 - 2016-01-12 17:07 - 00001876 _____ C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-12 17:07 - 2016-01-12 17:07 - 00000000 ____D C:\Program Files\Tweaking.com
2016-01-12 17:07 - 2016-01-12 17:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2016-01-12 16:55 - 2016-01-12 17:20 - 00000000 ____D C:\Documents and Settings\Dad\Desktop\virus-fix
2016-01-12 16:28 - 2016-01-12 16:28 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Application Data\IsolatedStorage
2016-01-12 16:27 - 2016-01-12 16:31 - 00000000 ____D C:\Program Files\Common Files\COMODO
2016-01-12 16:26 - 2016-01-12 16:29 - 00000000 __HDC C:\Documents and Settings\All Users\Application Data\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2016-01-12 16:26 - 2016-01-12 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\COMODO
2016-01-12 16:26 - 2016-01-12 16:26 - 00000000 ____D C:\Program Files\COMODO
2016-01-11 20:24 - 2016-01-11 20:24 - 00000808 _____ C:\Documents and Settings\All Users\Desktop\Full Flush Poker 8.2.lnk
2016-01-11 11:18 - 2016-01-11 11:18 - 00000124 _____ C:\Documents and Settings\Dad\Desktop\Postage.url
2016-01-06 20:51 - 2016-01-07 06:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-21 21:14 - 2015-12-21 21:14 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Application Data\Mega Limited
2015-12-16 06:00 - 2015-12-16 06:00 - 00322760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-16 06:00 - 2015-12-16 06:00 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-12 17:21 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Temp
2016-01-12 17:20 - 2010-09-05 03:50 - 00000000 ____D C:\WINDOWS
2016-01-12 17:13 - 2014-08-27 15:56 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2016-01-12 17:12 - 2012-07-11 15:38 - 00000366 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-01-12 17:11 - 2014-06-04 19:57 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 17:11 - 2014-03-06 22:25 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-12 17:11 - 2001-08-23 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-12 17:10 - 2011-09-12 16:05 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-12 17:10 - 2010-09-05 12:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-12 17:01 - 2014-06-04 19:57 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 16:55 - 2013-10-30 15:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-12 16:39 - 2015-05-30 10:25 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job
2016-01-11 23:20 - 2014-10-02 17:46 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-01-11 23:20 - 2013-06-30 21:56 - 03997696 _____ C:\WINDOWS\system32\config\ACVPN.evt
2016-01-11 23:20 - 2010-09-05 12:30 - 00000178 ___SH C:\Documents and Settings\Dad\ntuser.ini
2016-01-11 23:20 - 2010-09-05 12:28 - 00032632 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-11 15:39 - 2015-02-17 22:36 - 00000000 ____D C:\Program Files\PokerStars
2016-01-08 15:00 - 2014-03-06 22:25 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-08 05:57 - 2014-06-03 20:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-02 22:55 - 2013-10-30 15:41 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-02 22:55 - 2013-10-30 15:41 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-25 23:32 - 2010-09-05 12:30 - 00000000 ____D C:\Documents and Settings\Dad
2015-12-18 13:53 - 2013-03-19 15:16 - 00081168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-18 13:53 - 2010-09-11 08:31 - 00436360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-16 13:40 - 2010-12-25 19:01 - 00000000 ____D C:\Documents and Settings\Dad\Local Settings\Application Data\WinZip
2015-12-16 13:38 - 2014-04-02 18:48 - 00001688 _____ C:\Documents and Settings\All Users\Start Menu\BetOnline Poker 8.2.lnk
2015-12-16 13:38 - 2014-04-02 18:32 - 00000000 ____D C:\Program Files\BetOnline Poker 8.2
2015-12-16 06:39 - 2010-09-05 03:50 - 00000000 ___HD C:\WINDOWS\inf
2015-12-16 06:00 - 2015-08-11 21:04 - 00165104 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-12-16 06:00 - 2014-05-28 16:16 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-12-16 06:00 - 2013-03-19 15:16 - 00209432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-16 06:00 - 2013-03-19 15:16 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-16 06:00 - 2010-09-11 08:31 - 00058016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-12-16 06:00 - 2010-09-11 08:31 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-12-16 05:59 - 2011-11-30 16:40 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
==================== Files in the root of some directories =======
2011-12-28 11:20 - 2011-12-28 11:20 - 0002528 _____ () C:\Documents and Settings\Dad\Application Data\$_hpcst$.hpc
2011-12-14 17:16 - 2014-11-15 15:53 - 0003584 _____ () C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Dad\Local Settings\Temp\Full Flush Poker Updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by Dad (2016-01-12 17:22:15)
Running from C:\Documents and Settings\Dad\Desktop\virus-fix
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-09-05 18:17:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1390067357-926492609-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1390067357-926492609-839522115-1006 - Limited - Enabled)
Dad (S-1-5-21-1390067357-926492609-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Dad
Guest (S-1-5-21-1390067357-926492609-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1390067357-926492609-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1390067357-926492609-839522115-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Arcade Tournament Manager (HKLM\...\{E27E085D-DAEE-41D1-B047-42DC8A01F545}) (Version: 1.7.4.0 - Danesi Designs)
ArcSoft Camera Suite (HKLM\...\{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}) (Version: - )
Arduino (HKLM\...\Arduino) (Version: 1.6.3 - Arduino LLC)
AT&T Connect Participant Application v9.5.51 (HKLM\...\{E42E8753-9A8E-48E9-9829-B3571D91A945}) (Version: 9.5.51 - AT&T Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.1.2245 - AVAST Software)
Belarc Advisor 8.2 (HKLM\...\Belarc Advisor) (Version: 8.2.6.0 - Belarc Inc.)
BetOnline Poker 8.2 (HKLM\...\BetOnline Poker 8.2) (Version: 8.2.12.201511170400 - Hero Poker Network)
Camera Window (Version: 4.0 - Canon) Hidden
Canon Camera WIA Driver (Version: 5.0.0 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM\...\InstallShield_{2D6BDF3A-6BDB-4169-909F-E882F23AB795}) (Version: 4.0 - Canon)
Canon PhotoRecord (HKLM\...\PhotoRecord) (Version: - )
Canon PowerShot S45 WIA Driver (HKLM\...\InstallShield_{25E671BE-87A0-40F1-ABE5-BCBC6E65B0F5}) (Version: 5.0.0 - Canon)
Canon Utilities FileViewerUtility 1.0 (HKLM\...\InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}) (Version: 1.0 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM\...\InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}) (Version: 3.1.8 - Canon)
Canon Utilities RemoteCapture 2.6 (HKLM\...\InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}) (Version: 2.6.0 - Your Company Name)
Canon Utilities ZoomBrowser EX (HKLM\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.00.00024 - CISRA)
Catan Online World (HKLM\...\Catan Online Welt) (Version: 3.728 - Catan GmbH)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Data Fax SoftModem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: - )
FileViewerUtility 1.0 (Version: 1.0 - Canon) Hidden
Full Flush Poker 8.2 (HKLM\...\Full Flush Poker 8.2) (Version: 8.2.12.201509140800 - Full Flush Poker)
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
H&R Block Deluxe + Efile + State 2014 (HKLM\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.7401 - HRB Technology, LLC.)
H&R Block Illinois 2014 (HKLM\...\{1B7D02B3-464B-4870-83AF-9FC76A8C8554}) (Version: 1.14.3401 - HRB Technology, LLC.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5273 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Juniper Networks Host Checker (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Neoteris_Host_Checker) (Version: 7.1.0.18193 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\Juniper_Setup_Client) (Version: 7.1.2.10059 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LivePix 1.1 SE (HKLM\...\LivePix) (Version: - )
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Max Loader 4.6r (HKLM\...\Max Loader_is1) (Version: - EETools, Inc.)
MeasureUp Certification Preparation (HKLM\...\InstallShield_{B9DF865A-C1BD-4DFD-9FF5-9CA5C6E23415}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (HKLM\...\InstallShield_{1B53F089-10BA-4538-B977-8CF8A5343E04}) (Version: 10.03 - MeasureUp Inc.)
MeasureUp Practice Tests (Version: 10.03 - MeasureUp Inc.) Hidden
MEET MANAGER 2.0 for Swimming (HKLM\...\{7CE480FF-5B49-490E-BC18-1C663ECC0B61}) (Version: 1.00.0001 - Sports-Tek Software)
MEET MANAGER 3.0 for Swimming (HKLM\...\{ED1D569E-3DA4-4D59-A1C2-80DFF72C962F}) (Version: 1.00.0001 - HY-TEK Sports Software)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: - )
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Password Safe 1.7.1 (HKLM\...\{9886C963-FB48-4C58-8E75-64816F220D1D}) (Version: 1.7.1 - SBC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
PhotoStitch (Version: 3.1.8 - Canon) Hidden
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
Radiator (remove only) (HKLM\...\Radiator) (Version: - )
Radmin Viewer 3.4 (HKLM\...\{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}) (Version: 3.41.0000 - Famatech)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6106 - Realtek Semiconductor Corp.)
Remote Administrator v2.2 (HKLM\...\Remote Administrator v2.2) (Version: - )
RemoteCapture 2.6 (Version: 2.6.0 - Your Company Name) Hidden
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
ScanCraft CS-P (HKLM\...\ScanCraft CS-P) (Version: - )
SecureAuthOTP (HKLM\...\{21CBD08B-1E83-4D4B-B1FE-BB5424245BB5}) (Version: 1.11.0000 - SecureAuth)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartFTP Client 2.0 (HKLM\...\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}) (Version: 2.0.1000 - SmartFTP)
SmartFTP Client 2.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 2.0 Setup Files) (Version: "2.0" - "SmartFTP")
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioLine Photo (HKLM\...\StudioLine Photo) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-12 14:53 - 2014-03-12 14:53 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-28 20:06 - 2015-12-16 06:00 - 00103888 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-28 20:06 - 2015-12-16 06:00 - 00125512 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-01-12 13:57 - 2016-01-12 13:57 - 02822144 _____ () C:\Program Files\Alwil Software\Avast5\defs\16011200\algo.dll
2015-12-16 06:00 - 2015-12-16 06:00 - 00469008 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-23 16:05 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2013-02-17 21:21 - 2012-11-28 11:50 - 00018856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-03-13 16:23 - 2015-12-16 06:00 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\att.com -> hxxps://*.vpn.att.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fujitsu.com -> hxxps://sslvpn2.fai.fujitsu.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\measureup.com -> measureup.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-23 06:00 - 2015-11-04 20:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.88.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe] => Enabled:SmartFTP Client 2.0
StandardProfile\AuthorizedApplications: [C:\Hy-Sport\SwMM2\SwimMM2.exe] => Enabled:Swim Meet Manager
StandardProfile\AuthorizedApplications: [D:\C_2010_09_04\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\NetAcquire\NetAcquire.exe] => Enabled:Play the Acquire board game on the Internet.
StandardProfile\AuthorizedApplications: [C:\Program Files\AT&T Global Network Client\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe] => Enabled:KTF MUSIC AoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe] => Enabled:KTF MUSIC VoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [D:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Lync Attendee\AttendeeCommunicator.exe] => Enabled:Lync Attendee
StandardProfile\AuthorizedApplications: [C:\Program Files\Arduino\java\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
14-10-2015 15:08:02 System Checkpoint
15-10-2015 15:09:19 System Checkpoint
17-10-2015 07:10:13 System Checkpoint
18-10-2015 07:58:04 System Checkpoint
19-10-2015 08:53:12 System Checkpoint
20-10-2015 09:00:04 System Checkpoint
21-10-2015 09:32:27 System Checkpoint
22-10-2015 19:48:01 System Checkpoint
24-10-2015 08:14:38 System Checkpoint
24-10-2015 13:56:12 Software Distribution Service 3.0
25-10-2015 07:23:03 Software Distribution Service 3.0
25-10-2015 07:25:08 Software Distribution Service 3.0
25-10-2015 07:35:03 Software Distribution Service 3.0
25-10-2015 07:53:53 Software Distribution Service 3.0
25-10-2015 08:26:12 Software Distribution Service 3.0
25-10-2015 08:39:05 Software Distribution Service 3.0
25-10-2015 21:47:11 Software Distribution Service 3.0
26-10-2015 05:25:03 Software Distribution Service 3.0
26-10-2015 17:13:54 Software Distribution Service 3.0
27-10-2015 17:23:22 System Checkpoint
28-10-2015 17:50:16 System Checkpoint
29-10-2015 18:35:42 System Checkpoint
31-10-2015 11:55:54 System Checkpoint
01-11-2015 14:10:18 System Checkpoint
02-11-2015 16:12:44 System Checkpoint
03-11-2015 18:02:17 System Checkpoint
04-11-2015 13:37:42 Restore Operation
04-11-2015 13:41:47 avast! antivirus system restore point
04-11-2015 13:50:21 Installed Windows XP Wdf01009.
04-11-2015 20:03:13 Restore Point Created by FRST
04-11-2015 20:10:50 Restore Point Created by FRST
04-11-2015 21:41:25 JRT Pre-Junkware Removal
05-11-2015 21:47:42 System Checkpoint
06-11-2015 17:21:01 Restore Point Created by FRST
07-11-2015 17:56:01 System Checkpoint
08-11-2015 18:28:51 System Checkpoint
09-11-2015 19:21:03 System Checkpoint
10-11-2015 19:30:58 System Checkpoint
11-11-2015 21:17:22 System Checkpoint
12-11-2015 16:20:20 Software Distribution Service 3.0
12-11-2015 23:11:52 Software Distribution Service 3.0
13-11-2015 05:50:59 Software Distribution Service 3.0
13-11-2015 06:29:39 Software Distribution Service 3.0
13-11-2015 06:47:56 Software Distribution Service 3.0
13-11-2015 06:55:46 Software Distribution Service 3.0
13-11-2015 07:20:58 Software Distribution Service 3.0
14-11-2015 11:28:32 System Checkpoint
15-11-2015 12:16:12 System Checkpoint
16-11-2015 12:34:32 System Checkpoint
17-11-2015 13:03:46 System Checkpoint
18-11-2015 14:55:28 System Checkpoint
19-11-2015 16:39:00 System Checkpoint
22-11-2015 18:57:54 System Checkpoint
23-11-2015 19:29:53 System Checkpoint
24-11-2015 20:17:53 System Checkpoint
25-11-2015 20:42:58 System Checkpoint
27-11-2015 09:26:53 System Checkpoint
28-11-2015 09:31:11 System Checkpoint
29-11-2015 10:05:51 System Checkpoint
30-11-2015 11:36:05 System Checkpoint
01-12-2015 12:16:46 System Checkpoint
02-12-2015 12:17:03 System Checkpoint
03-12-2015 13:00:24 System Checkpoint
04-12-2015 13:38:51 System Checkpoint
05-12-2015 17:44:45 System Checkpoint
06-12-2015 19:28:14 System Checkpoint
07-12-2015 20:07:15 System Checkpoint
08-12-2015 21:15:00 System Checkpoint
09-12-2015 21:18:23 System Checkpoint
10-12-2015 11:39:17 Software Distribution Service 3.0
10-12-2015 16:17:15 Software Distribution Service 3.0
10-12-2015 17:17:50 Software Distribution Service 3.0
10-12-2015 17:29:41 Software Distribution Service 3.0
11-12-2015 17:42:33 System Checkpoint
12-12-2015 18:40:31 System Checkpoint
13-12-2015 18:50:00 System Checkpoint
14-12-2015 19:32:24 System Checkpoint
15-12-2015 20:09:52 System Checkpoint
16-12-2015 06:07:20 Installed Windows XP Wdf01009.
17-12-2015 06:58:18 System Checkpoint
18-12-2015 07:28:14 System Checkpoint
19-12-2015 08:59:54 System Checkpoint
20-12-2015 09:20:57 System Checkpoint
21-12-2015 10:54:25 System Checkpoint
22-12-2015 11:20:11 System Checkpoint
23-12-2015 20:03:23 System Checkpoint
24-12-2015 20:39:21 System Checkpoint
25-12-2015 21:35:47 System Checkpoint
26-12-2015 22:55:15 System Checkpoint
28-12-2015 10:07:28 System Checkpoint
29-12-2015 12:15:36 System Checkpoint
30-12-2015 12:17:55 System Checkpoint
31-12-2015 13:43:45 System Checkpoint
01-01-2016 15:17:53 System Checkpoint
02-01-2016 15:42:24 System Checkpoint
03-01-2016 17:55:47 System Checkpoint
04-01-2016 18:32:55 System Checkpoint
05-01-2016 19:24:45 System Checkpoint
06-01-2016 19:56:54 System Checkpoint
07-01-2016 20:03:11 System Checkpoint
09-01-2016 07:46:30 System Checkpoint
10-01-2016 10:29:06 System Checkpoint
11-01-2016 10:37:51 System Checkpoint
12-01-2016 11:41:48 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2016 06:58:14 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0xffff0000.
Error: (01/02/2016 10:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, faulting module jucheck.exe, version 2.8.60.27, fault address 0x00052d24.
Processing media-specific event for [jucheck.exe!ws!]
Error: (12/30/2015 08:29:26 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module urlmon.dll, version 8.0.6001.23580, stamp 5318b77b, debug? 0, fault address 0x000059b4.
Error: (12/13/2015 11:47:29 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x6e757220.
Error: (12/10/2015 11:42:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Security Update for Microsoft Office 2010 (KB3085612) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/10/2015 11:42:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/10/2015 11:41:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Update for Microsoft Office 2010 (KB3114404) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/04/2015 07:33:27 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 200400471.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (12/04/2015 07:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application betonline poker.exe, version 0.0.0.0, faulting module betonline poker.exe, version 0.0.0.0, fault address 0x00393a67.
Processing media-specific event for [betonline poker.exe!ws!]
Error: (12/04/2015 07:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application betonline poker.exe, version 0.0.0.0, faulting module betonline poker.exe, version 0.0.0.0, fault address 0x00393a67.
Processing media-specific event for [betonline poker.exe!ws!]
System errors:
=============
Error: (01/12/2016 05:14:15 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 897e1da0, parameter2 8a312e20, parameter3 8a510638, parameter4 00000001.
Error: (01/12/2016 05:11:14 PM) (Source: 0) (EventID: 2) (User: )
Description:
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (01/12/2016 05:09:37 PM) (Source: 0) (EventID: 108) (User: )
Description: \Device\Video0displayigxprd32
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (01/12/2016 04:59:36 PM) (Source: 0) (EventID: 2) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 2009.74 MB
Available physical RAM: 1223.73 MB
Total Virtual: 3902.79 MB
Available Virtual: 3233.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:236.17 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:298.09 GB) (Free:115.95 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C5ABC5AB)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3F0C8D80)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-01-12 17:23:04
-----------------------------
17:23:04.015 OS Version: Windows 5.1.2600 Service Pack 3
17:23:04.015 Number of processors: 2 586 0x170A
17:23:04.015 ComputerName: JOE UserName: Dad
17:23:04.718 Initialize success
17:23:04.718 VM: initialized successfully
17:23:04.718 VM: Intel CPU virtualization not supported
17:23:06.484 AVAST engine defs: 16011200
17:23:27.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:23:27.625 Disk 0 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
17:23:27.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:23:27.625 Disk 1 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
17:23:27.828 Disk 0 MBR read successfully
17:23:27.828 Disk 0 MBR scan
17:23:27.828 Disk 0 Windows XP default MBR code
17:23:27.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
17:23:27.843 Disk 0 default boot code
17:23:27.843 Disk 0 scanning sectors +625137345
17:23:27.921 Disk 0 scanning C:\WINDOWS\system32\drivers
17:23:39.218 Service scanning
17:23:56.125 Modules scanning
17:23:56.125 Disk 0 trace - called modules:
17:23:56.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:23:56.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a602ab8]
17:23:56.140 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a6053b8]
17:23:56.140 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5f5d98]
17:23:56.718 AVAST engine scan C:\WINDOWS
17:24:28.968 AVAST engine scan C:\WINDOWS\system32
17:28:47.375 AVAST engine scan C:\WINDOWS\system32\drivers
17:29:18.140 AVAST engine scan C:\Documents and Settings\Dad
17:59:25.953 AVAST engine scan C:\Documents and Settings\All Users
18:02:22.546 Disk 0 statistics 2447246/0/0 @ 0.62 MB/s
18:02:22.562 Scan finished successfully
18:22:49.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\virus-fix\MBR.dat"
18:22:49.109 The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\virus-fix\aswMBR.txt"
(END LOGS)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM\...\mIRC) (Version: - )
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Password Safe 1.7.1 (HKLM\...\{9886C963-FB48-4C58-8E75-64816F220D1D}) (Version: 1.7.1 - SBC)
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version: - )
PhotoStitch (Version: 3.1.8 - Canon) Hidden
PokerStars (HKLM\...\PokerStars) (Version: - PokerStars)
Radiator (remove only) (HKLM\...\Radiator) (Version: - )
Radmin Viewer 3.4 (HKLM\...\{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}) (Version: 3.41.0000 - Famatech)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.30.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6106 - Realtek Semiconductor Corp.)
Remote Administrator v2.2 (HKLM\...\Remote Administrator v2.2) (Version: - )
RemoteCapture 2.6 (Version: 2.6.0 - Your Company Name) Hidden
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
ScanCraft CS-P (HKLM\...\ScanCraft CS-P) (Version: - )
SecureAuthOTP (HKLM\...\{21CBD08B-1E83-4D4B-B1FE-BB5424245BB5}) (Version: 1.11.0000 - SecureAuth)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 2014 (HKLM\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SmartFTP Client 2.0 (HKLM\...\{C169D3BB-9A27-43F5-9979-09A0D65FE95C}) (Version: 2.0.1000 - SmartFTP)
SmartFTP Client 2.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 2.0 Setup Files) (Version: "2.0" - "SmartFTP")
Snagit 10 (HKLM\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StudioLine Photo (HKLM\...\StudioLine Photo) (Version: - )
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{01E0A80A-97FD-4FC2-B75D-C754396CD255}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{0BBFE402-CCA1-4f64-9322-13B66D841049}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{156B30E4-2D3D-4257-A340-9BDD2E972E2E}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{2115F58A-CE09-47CC-A0B1-A8A2EC0C5423}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{25D005BF-FE63-4cce-AA25-CE952B1D9381}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{638B203F-8FB6-49ec-A139-AB8C530F0CAB}\MSPowerPoint.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{48A60FE8-C446-4371-95EB-258B14DCC5AC}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{54050FBB-F2AE-404b-8BFD-7EE3EC784A52}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{18AA4E21-D540-4a3a-9F9F-E6DE33D6F253}\MSExcel.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{5A31DC2C-BC50-4F71-93B8-2EC648404AF3}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\Video2ActiveXWnd.ocx ()
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{6B1948B3-9547-42F8-9B37-7AA9768134C4}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{23102CBF-AC8D-4424-9364-A79738894850}\MSWord.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7949C823-54C6-40F0-8D85-2348247E6820}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{88BE9158-3A40-4907-B2F0-7E72496A9596}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8A3C5585-D1ED-4EC0-B3C4-94998094E5BB}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{CC9F903E-1C4B-4596-B410-982107EC4899}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{DE471660-5535-47A8-949A-9DA95A72951F}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Utilities\IWMaterials.ocx (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F4A2332C-B453-4424-A142-AB9C51BAE2AF}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\ScheduleEvent.dll (AT&T Inc.)
CustomCLSID: HKU\S-1-5-21-1390067357-926492609-839522115-1003_Classes\CLSID\{F8ACB9F2-2A7D-4261-AA37-A39448C23CAE}\InprocServer32 -> C:\Documents and Settings\Dad\Local Settings\Application Data\ATT Connect\Participant\dsoframer.ocx (AT&T Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1390067357-926492609-839522115-1003.job => C:\Program Files\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-12 14:53 - 2014-03-12 14:53 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-05-28 20:06 - 2015-12-16 06:00 - 00103888 _____ () C:\Program Files\Alwil Software\Avast5\log.dll
2015-05-28 20:06 - 2015-12-16 06:00 - 00125512 _____ () C:\Program Files\Alwil Software\Avast5\JsonRpcServer.dll
2016-01-12 13:57 - 2016-01-12 13:57 - 02822144 _____ () C:\Program Files\Alwil Software\Avast5\defs\16011200\algo.dll
2015-12-16 06:00 - 2015-12-16 06:00 - 00469008 _____ () C:\Program Files\Alwil Software\Avast5\ffl2.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-05-23 16:05 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-08-10 06:47 - 2015-08-10 06:47 - 00036864 _____ () C:\WINDOWS\system32\pdf995mon.dll
2013-02-17 21:21 - 2012-11-28 11:50 - 00018856 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2015-03-13 16:23 - 2015-12-16 06:00 - 40539648 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\att.com -> hxxps://*.vpn.att.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fixme.it -> hxxps://fixme.it
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\fujitsu.com -> hxxps://sslvpn2.fai.fujitsu.com
IE trusted site: HKU\S-1-5-21-1390067357-926492609-839522115-1003\...\measureup.com -> measureup.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2001-08-23 06:00 - 2015-11-04 20:10 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1390067357-926492609-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.88.1
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe] => Enabled:SmartFTP Client 2.0
StandardProfile\AuthorizedApplications: [C:\Hy-Sport\SwMM2\SwimMM2.exe] => Enabled:Swim Meet Manager
StandardProfile\AuthorizedApplications: [D:\C_2010_09_04\Program Files\mIRC\mirc.exe] => Enabled:mIRC
StandardProfile\AuthorizedApplications: [C:\Program Files\NetAcquire\NetAcquire.exe] => Enabled:Play the Acquire board game on the Internet.
StandardProfile\AuthorizedApplications: [C:\Program Files\AT&T Global Network Client\SwiApiMux.exe] => Enabled:SwiApiMux
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe] => Enabled:KTF MUSIC AoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe] => Enabled:KTF MUSIC VoD Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [D:\Program Files\Savings Bond Wizard\SBWizard.exe] => Enabled:Savings Bond Wizard
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft Lync Attendee\AttendeeCommunicator.exe] => Enabled:Lync Attendee
StandardProfile\AuthorizedApplications: [C:\Program Files\Arduino\java\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
14-10-2015 15:08:02 System Checkpoint
15-10-2015 15:09:19 System Checkpoint
17-10-2015 07:10:13 System Checkpoint
18-10-2015 07:58:04 System Checkpoint
19-10-2015 08:53:12 System Checkpoint
20-10-2015 09:00:04 System Checkpoint
21-10-2015 09:32:27 System Checkpoint
22-10-2015 19:48:01 System Checkpoint
24-10-2015 08:14:38 System Checkpoint
24-10-2015 13:56:12 Software Distribution Service 3.0
25-10-2015 07:23:03 Software Distribution Service 3.0
25-10-2015 07:25:08 Software Distribution Service 3.0
25-10-2015 07:35:03 Software Distribution Service 3.0
25-10-2015 07:53:53 Software Distribution Service 3.0
25-10-2015 08:26:12 Software Distribution Service 3.0
25-10-2015 08:39:05 Software Distribution Service 3.0
25-10-2015 21:47:11 Software Distribution Service 3.0
26-10-2015 05:25:03 Software Distribution Service 3.0
26-10-2015 17:13:54 Software Distribution Service 3.0
27-10-2015 17:23:22 System Checkpoint
28-10-2015 17:50:16 System Checkpoint
29-10-2015 18:35:42 System Checkpoint
31-10-2015 11:55:54 System Checkpoint
01-11-2015 14:10:18 System Checkpoint
02-11-2015 16:12:44 System Checkpoint
03-11-2015 18:02:17 System Checkpoint
04-11-2015 13:37:42 Restore Operation
04-11-2015 13:41:47 avast! antivirus system restore point
04-11-2015 13:50:21 Installed Windows XP Wdf01009.
04-11-2015 20:03:13 Restore Point Created by FRST
04-11-2015 20:10:50 Restore Point Created by FRST
04-11-2015 21:41:25 JRT Pre-Junkware Removal
05-11-2015 21:47:42 System Checkpoint
06-11-2015 17:21:01 Restore Point Created by FRST
07-11-2015 17:56:01 System Checkpoint
08-11-2015 18:28:51 System Checkpoint
09-11-2015 19:21:03 System Checkpoint
10-11-2015 19:30:58 System Checkpoint
11-11-2015 21:17:22 System Checkpoint
12-11-2015 16:20:20 Software Distribution Service 3.0
12-11-2015 23:11:52 Software Distribution Service 3.0
13-11-2015 05:50:59 Software Distribution Service 3.0
13-11-2015 06:29:39 Software Distribution Service 3.0
13-11-2015 06:47:56 Software Distribution Service 3.0
13-11-2015 06:55:46 Software Distribution Service 3.0
13-11-2015 07:20:58 Software Distribution Service 3.0
14-11-2015 11:28:32 System Checkpoint
15-11-2015 12:16:12 System Checkpoint
16-11-2015 12:34:32 System Checkpoint
17-11-2015 13:03:46 System Checkpoint
18-11-2015 14:55:28 System Checkpoint
19-11-2015 16:39:00 System Checkpoint
22-11-2015 18:57:54 System Checkpoint
23-11-2015 19:29:53 System Checkpoint
24-11-2015 20:17:53 System Checkpoint
25-11-2015 20:42:58 System Checkpoint
27-11-2015 09:26:53 System Checkpoint
28-11-2015 09:31:11 System Checkpoint
29-11-2015 10:05:51 System Checkpoint
30-11-2015 11:36:05 System Checkpoint
01-12-2015 12:16:46 System Checkpoint
02-12-2015 12:17:03 System Checkpoint
03-12-2015 13:00:24 System Checkpoint
04-12-2015 13:38:51 System Checkpoint
05-12-2015 17:44:45 System Checkpoint
06-12-2015 19:28:14 System Checkpoint
07-12-2015 20:07:15 System Checkpoint
08-12-2015 21:15:00 System Checkpoint
09-12-2015 21:18:23 System Checkpoint
10-12-2015 11:39:17 Software Distribution Service 3.0
10-12-2015 16:17:15 Software Distribution Service 3.0
10-12-2015 17:17:50 Software Distribution Service 3.0
10-12-2015 17:29:41 Software Distribution Service 3.0
11-12-2015 17:42:33 System Checkpoint
12-12-2015 18:40:31 System Checkpoint
13-12-2015 18:50:00 System Checkpoint
14-12-2015 19:32:24 System Checkpoint
15-12-2015 20:09:52 System Checkpoint
16-12-2015 06:07:20 Installed Windows XP Wdf01009.
17-12-2015 06:58:18 System Checkpoint
18-12-2015 07:28:14 System Checkpoint
19-12-2015 08:59:54 System Checkpoint
20-12-2015 09:20:57 System Checkpoint
21-12-2015 10:54:25 System Checkpoint
22-12-2015 11:20:11 System Checkpoint
23-12-2015 20:03:23 System Checkpoint
24-12-2015 20:39:21 System Checkpoint
25-12-2015 21:35:47 System Checkpoint
26-12-2015 22:55:15 System Checkpoint
28-12-2015 10:07:28 System Checkpoint
29-12-2015 12:15:36 System Checkpoint
30-12-2015 12:17:55 System Checkpoint
31-12-2015 13:43:45 System Checkpoint
01-01-2016 15:17:53 System Checkpoint
02-01-2016 15:42:24 System Checkpoint
03-01-2016 17:55:47 System Checkpoint
04-01-2016 18:32:55 System Checkpoint
05-01-2016 19:24:45 System Checkpoint
06-01-2016 19:56:54 System Checkpoint
07-01-2016 20:03:11 System Checkpoint
09-01-2016 07:46:30 System Checkpoint
10-01-2016 10:29:06 System Checkpoint
11-01-2016 10:37:51 System Checkpoint
12-01-2016 11:41:48 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/07/2016 06:58:14 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0xffff0000.
Error: (01/02/2016 10:41:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, faulting module jucheck.exe, version 2.8.60.27, fault address 0x00052d24.
Processing media-specific event for [jucheck.exe!ws!]
Error: (12/30/2015 08:29:26 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module urlmon.dll, version 8.0.6001.23580, stamp 5318b77b, debug? 0, fault address 0x000059b4.
Error: (12/13/2015 11:47:29 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )
Description: Faulting application outlook.exe, version 14.0.7162.5003, stamp 56344207, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x6e757220.
Error: (12/10/2015 11:42:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Security Update for Microsoft Office 2010 (KB3085612) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/10/2015 11:42:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/10/2015 11:41:04 AM) (Source: MsiInstaller) (EventID: 1024) (User: JOE)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Update for Microsoft Office 2010 (KB3114404) 32-Bit Edition' could not be installed. Error code 1624. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
Error: (12/04/2015 07:33:27 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 200400471.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.
Error: (12/04/2015 07:33:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application betonline poker.exe, version 0.0.0.0, faulting module betonline poker.exe, version 0.0.0.0, fault address 0x00393a67.
Processing media-specific event for [betonline poker.exe!ws!]
Error: (12/04/2015 07:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application betonline poker.exe, version 0.0.0.0, faulting module betonline poker.exe, version 0.0.0.0, fault address 0x00393a67.
Processing media-specific event for [betonline poker.exe!ws!]
System errors:
=============
Error: (01/12/2016 05:14:15 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 000000ea, parameter1 897e1da0, parameter2 8a312e20, parameter3 8a510638, parameter4 00000001.
Error: (01/12/2016 05:11:14 PM) (Source: 0) (EventID: 2) (User: )
Description:
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (01/12/2016 05:11:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (01/12/2016 05:09:37 PM) (Source: 0) (EventID: 108) (User: )
Description: \Device\Video0displayigxprd32
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RadPciNT service failed to start due to the following error:
%%55
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%2
Error: (01/12/2016 04:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GemTek USB FM Radio 21 driver service failed to start due to the following error:
%%1058
Error: (01/12/2016 04:59:36 PM) (Source: 0) (EventID: 2) (User: )
Description:
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 39%
Total physical RAM: 2009.74 MB
Available physical RAM: 1223.73 MB
Total Virtual: 3902.79 MB
Available Virtual: 3233.93 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:298.09 GB) (Free:236.17 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:298.09 GB) (Free:115.95 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C5ABC5AB)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3F0C8D80)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-01-12 17:23:04
-----------------------------
17:23:04.015 OS Version: Windows 5.1.2600 Service Pack 3
17:23:04.015 Number of processors: 2 586 0x170A
17:23:04.015 ComputerName: JOE UserName: Dad
17:23:04.718 Initialize success
17:23:04.718 VM: initialized successfully
17:23:04.718 VM: Intel CPU virtualization not supported
17:23:06.484 AVAST engine defs: 16011200
17:23:27.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:23:27.625 Disk 0 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
17:23:27.625 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:23:27.625 Disk 1 Vendor: WDC_WD3200AAJB-00WGA0 00.02C01 Size: 305245MB BusType: 3
17:23:27.828 Disk 0 MBR read successfully
17:23:27.828 Disk 0 MBR scan
17:23:27.828 Disk 0 Windows XP default MBR code
17:23:27.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305242 MB offset 63
17:23:27.843 Disk 0 default boot code
17:23:27.843 Disk 0 scanning sectors +625137345
17:23:27.921 Disk 0 scanning C:\WINDOWS\system32\drivers
17:23:39.218 Service scanning
17:23:56.125 Modules scanning
17:23:56.125 Disk 0 trace - called modules:
17:23:56.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:23:56.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a602ab8]
17:23:56.140 3 CLASSPNP.SYS[b98e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a6053b8]
17:23:56.140 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a5f5d98]
17:23:56.718 AVAST engine scan C:\WINDOWS
17:24:28.968 AVAST engine scan C:\WINDOWS\system32
17:28:47.375 AVAST engine scan C:\WINDOWS\system32\drivers
17:29:18.140 AVAST engine scan C:\Documents and Settings\Dad
17:59:25.953 AVAST engine scan C:\Documents and Settings\All Users
18:02:22.546 Disk 0 statistics 2447246/0/0 @ 0.62 MB/s
18:02:22.562 Scan finished successfully
18:22:49.062 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\virus-fix\MBR.dat"
18:22:49.109 The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\virus-fix\aswMBR.txt"
(END LOGS)