roger.f
2016-12-17, 08:02
The taskbar disappears. I reboot and the computer runs reasonably well for 24-48 hours and then the taskbar disappears again. Task performed as requested and log files follow:
Thank you!!!
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 49%
Total physical RAM: 2814.42 MB
Available physical RAM: 1416.51 MB
Total Virtual: 4700.93 MB
Available Virtual: 3418.59 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:341.8 GB) (Free:316.67 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:390.63 GB) (Free:339.73 GB) NTFS
Drive e: () (Fixed) (Total:199.08 GB) (Free:100.85 GB) NTFS
Drive g: (System) (Fixed) (Total:121.85 GB) (Free:51.59 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (Data) (Fixed) (Total:148.6 GB) (Free:73.19 GB) NTFS
Drive i: (Backup) (Fixed) (Total:100 GB) (Free:99.92 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CE18CE18)
Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=589.7 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.6 GB) (Disk ID: 41F041EF)
Partition 1: (Active) - (Size=121.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=11.7 GB) - (Type=DE)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Administrator (administrator) on ROGER-DESKTOP (16-12-2016 21:33:08)
Running from E:\Documents and Settings\Roger\Desktop
Loaded Profiles: Roger & Administrator (Available Profiles: Roger & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) E:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) E:\WINDOWS\system32\scardsvr.exe
(Realtek Semiconductor Corp.) E:\WINDOWS\RTHDCPL.exe
(AVAST Software) E:\Program Files\AVAST Software\Avast\AvastUI.exe
(SUPERAntiSpyware.com) E:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Brother Industries, Ltd.) E:\Program Files\Brother\ControlCenter2\brctrcen.exe
(Apple Computer, Inc.) E:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) E:\Program Files\Dropbox\Client\Dropbox.exe
(Macrovision) E:\WINDOWS\system32\drivers\CDAC11BA.EXE
(Skype Technologies S.A.) E:\Program Files\Skype\Phone\Skype.exe
(CrypKey (Canada) Ltd.) E:\WINDOWS\system32\Crypserv.exe
() E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Seagate) E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Dropbox, Inc.) E:\Program Files\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) E:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) E:\WINDOWS\system32\wuauclt.exe
(Google Inc.) E:\Program Files\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => E:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe ARM] => E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe_ID0EYTHM] => E:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => E:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => E:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-10-07] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => E:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [SetDefPrt] => E:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [49152 2004-11-11] (Brother Industories, Ltd.)
HKLM\...\Run: [ControlCenter2.0] => E:\Program Files\Brother\ControlCenter2\brctrcen.exe [864256 2005-01-07] (Brother Industries, Ltd.)
HKLM\...\Run: [Dropbox] => E:\Program Files\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
Winlogon\Notify\AtiExtEvent: E:\WINDOWS\system32\Ati2evxx.dll [2008-03-18] (ATI Technologies Inc.)
HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\Run: [Skype] => E:\Program Files\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {a37c370f-f4fd-11e4-a8bb-02785b918a01} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {d2da4ecb-3807-11e4-a8a5-001fd08f1f5b} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1644491937-813497703-682003330-1003\...\MountPoints2: {d2da4ecc-3807-11e4-a8a5-001fd08f1f5b} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1644491937-813497703-682003330-500\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C2].txt
HKU\S-1-5-21-1644491937-813497703-682003330-500\...\MountPoints2: F - F:\setup.exe
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => E:\Program Files\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => E:\Program Files\AVAST Software\Avast\ashShell.dll [2016-10-07] (AVAST Software)
GroupPolicy: Restriction ? <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 E:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.29.1
Tcpip\..\Interfaces\{EB49A6B1-8C1D-498D-AF66-5EFD93B18641}: [DhcpNameServer] 192.168.29.1
Internet Explorer:
==================
HKU\S-1-5-21-1644491937-813497703-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: [S-1-5-21-1644491937-813497703-682003330-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> DefaultScope {73CBDD4E-F0B0-4E8E-BD6A-389EB855600A} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> {73CBDD4E-F0B0-4E8E-BD6A-389EB855600A} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> E:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-07] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-29] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1644491937-813497703-682003330-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2011-08-30] (Adobe Systems Incorporated)
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1357964692663
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357975986390
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} hxxp://las.mlxchange.com/5.6.09.29841/Control/IRCSharc.cab
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-26] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - E:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - E:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - E:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - E:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-07]
FF Plugin: @adobe.com/FlashPlayer -> E:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-06-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> E:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> E:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> E:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> E:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> E:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-03-19] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> E:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> E:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> E:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1644491937-813497703-682003330-1003: @citrixonline.com/appdetectorplugin -> E:\Documents and Settings\Roger\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-06-05] (Citrix Online)
FF Plugin HKU\S-1-5-21-1644491937-813497703-682003330-1003: magellangps.com/mgnContentManager -> E:\Documents and Settings\Roger\Application Data\MiTAC Digital Corporation\mgnContentManager\npmgnContentManager.dll [2016-01-20] (MiTAC Digital Corp.)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\browser\plugins\ieatgpc.dll [2013-11-08] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: E:\Program Files\mozilla firefox\browser\plugins\npatgpc.dll [2013-11-08] (Cisco WebEx LLC)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default [2015-09-30]
CHR Extension: (Docs) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
CHR Extension: (Google Drive) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
CHR Extension: (YouTube) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-25]
CHR Extension: (Gmail) - E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - E:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
R2 6to4; E:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S3 ACDaemon; E:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe Version Cue CS3; E:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 avast! Antivirus; E:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-07] (AVAST Software)
S3 BlackBerry Device Manager; E:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
R2 Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 C-DillaCdaC11BA; E:\WINDOWS\system32\drivers\CDAC11BA.EXE [52736 2016-09-10] (Macrovision) [File not signed]
R2 Crypkey License; E:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S2 dbupdate; E:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; E:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S2 DbxSvc; E:\WINDOWS\system32\DbxSvc.exe [35440 2016-11-28] (Dropbox, Inc.) [File not signed]
S3 FLEXnet Licensing Service; E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-15] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 PassThru Service; E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 SgtSch2Svc; E:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; E:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
S3 aswHwid; E:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-10-07] (AVAST Software)
R1 aswKbd; E:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-10-07] (AVAST Software)
R2 aswMonFlt; E:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-10-07] (AVAST Software)
R1 AswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-10-07] (AVAST Software)
R0 aswRvrt; E:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-10-07] (AVAST Software)
R1 aswSnx; E:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-10-07] (AVAST Software)
R1 aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [433768 2016-10-07] (AVAST Software)
R3 aswStmXP; E:\WINDOWS\system32\drivers\aswStmXP.sys [184592 2016-10-07] (AVAST Software)
S3 aswTdi; E:\WINDOWS\system32\drivers\aswTdi.sys [66688 2016-10-07] (AVAST Software)
R0 aswVmm; E:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-10-07] (AVAST Software)
R3 BrScnUsb; E:\WINDOWS\System32\Drivers\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R2 CdaC15BA; E:\WINDOWS\system32\drivers\CdaC15BA.SYS [11376 2016-09-10] () [File not signed]
S3 gdrv; E:\WINDOWS\gdrv.sys [17488 2013-01-12] (Windows (R) 2000 DDK provider)
R1 NetworkX; E:\WINDOWS\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
S3 RimUsb; E:\WINDOWS\System32\Drivers\RimUsb.sys [68608 2014-05-06] (BlackBerry Limited)
S3 rimvndis; E:\WINDOWS\System32\Drivers\rimvndis.sys [12288 2015-03-19] (BlackBerry Limited) [File not signed]
R3 RTHDMIAzAudService; E:\WINDOWS\System32\drivers\RtHDMI.sys [3688960 2008-04-29] (Realtek Semiconductor Corp.)
R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SCR3XX2K; E:\WINDOWS\System32\DRIVERS\SCR3XX2K.sys [62976 2013-05-30] (Identive)
R1 Tcpip6; E:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R0 vididr; E:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2013-01-14] (Acronis)
R0 vidsflt53; E:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2013-01-14] (Acronis)
U2 CertPropSvc; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-16 20:20 - 2016-12-16 20:25 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d2581cdc81e5fe.job
2016-12-15 21:35 - 2016-05-24 10:43 - 00022694 _____ E:\Documents and Settings\Roger\Desktop\error_log
2016-12-15 21:34 - 2016-12-15 22:33 - 00000841 _____ E:\Documents and Settings\Roger\Desktop\send-contacts.php
2016-12-15 21:32 - 2016-05-24 10:43 - 00019815 _____ E:\Documents and Settings\Roger\Desktop\contact.html
2016-12-12 21:33 - 2016-12-16 21:29 - 00000000 ____D E:\Documents and Settings\Roger\Application Data\Skype
2016-12-12 21:33 - 2016-12-12 21:33 - 00001878 _____ E:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-12-12 21:33 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\Roger\Tracing
2016-12-12 21:33 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-12-12 21:32 - 2016-12-12 21:33 - 00000000 ___RD E:\Program Files\Skype
2016-12-12 21:32 - 2016-12-12 21:33 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Skype
2016-12-12 21:32 - 2016-12-12 21:32 - 00000000 ____D E:\Program Files\Common Files\Skype
2016-12-12 21:29 - 2016-12-12 21:30 - 43552728 _____ (Skype Technologies S.A.) E:\Documents and Settings\Roger\Desktop\SkypeSetupFullXp.exe
2016-12-09 17:48 - 2016-12-09 17:49 - 00015139 _____ E:\Documents and Settings\Roger\Desktop\fremont 01.jpeg
2016-12-09 02:11 - 2016-12-09 02:11 - 00000750 _____ E:\Documents and Settings\All Users\Start Menu\Programs\Sublime Text 3.lnk
2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Program Files\Sublime Text 3
2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Application Data\Sublime Text 3
2016-12-09 02:11 - 2016-12-09 02:11 - 00000000 ____D E:\Documents and Settings\Roger\Application Data\Sublime Text 3
2016-12-01 12:46 - 2016-12-01 12:46 - 00000000 ____D E:\Documents and Settings\All Users\Start Menu\Programs\Dropbox
2016-11-29 11:01 - 2016-12-16 20:16 - 00000892 _____ E:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore1d24a72eddc4f32.job
2016-11-26 19:49 - 2016-11-27 06:21 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2016-11-26 19:47 - 2016-11-27 06:21 - 00000000 ____D E:\Documents and Settings\Roger\Desktop\mbar
2016-11-20 19:56 - 2016-11-20 21:06 - 00000000 ____D E:\Documents and Settings\Roger\Desktop\Jen Picts
2016-11-17 14:31 - 2016-12-16 09:20 - 00000000 ____D E:\Program Files\Mozilla Firefox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-16 21:33 - 2016-10-14 13:23 - 00019019 _____ E:\Documents and Settings\Roger\Desktop\FRST.txt
2016-12-16 21:33 - 2015-09-25 01:14 - 00000000 ____D E:\Documents and Settings\Administrator.ROGER-DESKTOP\Local Settings\Temp
2016-12-16 21:30 - 2013-01-11 17:53 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Temp
2016-12-16 21:29 - 2015-09-25 01:15 - 00000178 ___SH E:\Documents and Settings\Administrator.ROGER-DESKTOP\ntuser.ini
2016-12-16 21:26 - 2016-10-14 13:22 - 00000000 ____D E:\FRST
2016-12-16 21:25 - 2014-06-05 09:55 - 00000514 _____ E:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1644491937-813497703-682003330-1003.job
2016-12-16 21:23 - 2016-10-14 13:20 - 01761792 _____ (Farbar) E:\Documents and Settings\Roger\Desktop\FRST.exe
2016-12-16 21:20 - 2015-09-28 09:37 - 00039771 _____ E:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-12-16 20:57 - 2016-02-03 01:58 - 00000830 _____ E:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-16 20:25 - 2016-07-28 12:51 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1e911ce7c837c.job
2016-12-16 20:16 - 2016-10-07 05:17 - 00000470 _____ E:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1475846231.job
2016-12-16 20:16 - 2016-05-10 12:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1aafc36bf21d2.job
2016-12-16 20:16 - 2016-02-01 11:01 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d15d22e49186ce.job
2016-12-16 20:16 - 2015-12-02 09:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d12d288d1bd6ee.job
2016-12-16 20:16 - 2015-09-14 14:43 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0ef3ebabe5dba.job
2016-12-16 20:16 - 2015-08-30 01:05 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0e302f89e769e.job
2016-12-16 20:16 - 2015-07-15 11:40 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0bf361ea2e2f8.job
2016-12-16 20:16 - 2015-05-14 21:01 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ecc387f391e.job
2016-12-16 20:16 - 2015-02-05 06:13 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0414df5827840.job
2016-12-16 20:16 - 2014-11-13 03:52 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfff38450a62d6.job
2016-12-16 20:16 - 2014-10-21 09:48 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfed574469b630.job
2016-12-16 20:16 - 2014-08-27 12:06 - 00000882 _____ E:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cfc2327115be7c.job
2016-12-16 20:16 - 2013-01-12 03:48 - 00000316 ____H E:\WINDOWS\Tasks\avast! Emergency Update.job
2016-12-16 20:16 - 2013-01-11 17:51 - 00000006 ____H E:\WINDOWS\Tasks\SA.DAT
2016-12-16 20:16 - 2008-04-14 04:00 - 00013734 _____ E:\WINDOWS\system32\wpa.dbl
2016-12-16 20:15 - 2013-01-15 00:04 - 00000000 ____D E:\Program Files\Mozilla Maintenance Service
2016-12-16 13:57 - 2013-01-11 17:51 - 00032296 _____ E:\WINDOWS\SchedLgU.Txt
2016-12-12 21:33 - 2013-01-11 17:53 - 00000000 ____D E:\Documents and Settings\Roger
2016-12-08 15:00 - 2014-07-28 15:17 - 00000216 _____ E:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-12-03 13:08 - 2013-01-15 10:32 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\FLEXnet
2016-12-01 12:47 - 2013-06-15 02:51 - 00000000 ____D E:\Program Files\Dropbox
2016-11-28 10:39 - 2013-01-11 17:53 - 00000000 ___RD E:\Documents and Settings\Roger\My Documents
2016-11-28 09:55 - 2013-01-11 08:50 - 00590908 _____ E:\WINDOWS\system32\PerfStringBackup.INI
2016-11-28 09:49 - 2013-01-11 17:53 - 00000278 ___SH E:\Documents and Settings\Roger\ntuser.ini
2016-11-28 09:48 - 2008-04-14 04:00 - 00000644 _____ E:\WINDOWS\win.ini
2016-11-28 09:48 - 2008-04-14 04:00 - 00000227 _____ E:\WINDOWS\system.ini
2016-11-28 09:37 - 2013-12-26 15:07 - 00000000 ____D E:\WINDOWS\system32\MRT
2016-11-28 09:27 - 2013-01-11 21:10 - 144884648 ____C (Microsoft Corporation) E:\WINDOWS\system32\MRT.exe
2016-11-28 09:25 - 2013-01-11 23:03 - 00000000 ____D E:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-11-28 06:05 - 2016-10-24 05:06 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-11-28 06:05 - 2016-09-12 05:11 - 00035440 _____ (Dropbox, Inc.) E:\WINDOWS\system32\DbxSvc.exe
2016-11-28 06:05 - 2016-09-12 05:05 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-11-28 06:05 - 2016-09-12 05:05 - 00063600 _____ (Dropbox, Inc.) E:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-11-27 22:19 - 2016-06-04 02:14 - 00000000 ____D E:\Documents and Settings\Roger\Local Settings\Application Data\ESET
2016-11-27 21:05 - 2014-08-27 22:37 - 00170200 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-26 19:48 - 2014-08-27 22:35 - 00121560 _____ (Malwarebytes) E:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-19 08:43 - 2014-01-04 00:05 - 00000000 ____D E:\Program Files\SUPERAntiSpyware
==================== Files in the root of some directories =======
2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Calibrators
2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Carbon
2013-01-18 09:39 - 2013-01-18 09:39 - 0000268 ___RH () E:\Documents and Settings\All Users\Application Data\Channel
2013-01-18 09:39 - 2013-01-18 09:39 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
2013-01-18 09:39 - 2016-08-16 16:21 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2013-01-18 09:39 - 2016-08-16 16:21 - 0000020 ____H () E:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\dnsapi.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-12-16 21:41:34
-----------------------------
21:41:34.766 OS Version: Windows 5.1.2600 Service Pack 3
21:41:34.766 Number of processors: 2 586 0x6B02
21:41:34.766 ComputerName: ROGER-DESKTOP UserName: Roger
21:41:36.203 Initialize success
21:41:36.203 VM: initialized successfully
21:41:36.219 VM: Amd CPU virtualization not supported
21:41:44.250 AVAST engine defs: 16121601
21:41:58.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
21:41:58.250 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953868MB BusType: 3
21:41:58.250 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
21:41:58.250 Disk 1 Vendor: ST3500320NS SN06 Size: 476810MB BusType: 3
21:41:58.360 Disk 0 MBR read successfully
21:41:58.360 Disk 0 MBR scan
21:41:58.391 Disk 0 Windows XP default MBR code
21:41:58.391 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 350002 MB offset 63
21:41:58.422 Disk 0 default boot code
21:41:58.422 Disk 0 Partition - 00 0F Extended LBA 603857 MB offset 716804235
21:41:58.532 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 400001 MB offset 716804298
21:41:58.532 Disk 0 Partition - 00 05 Extended 203856 MB offset 1536006780
21:41:58.563 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 203856 MB offset 1536006843
21:41:58.625 Disk 0 scanning sectors +1953504000
21:41:58.750 Disk 0 scanning E:\WINDOWS\system32\drivers
21:42:04.594 Service scanning
21:42:16.735 Modules scanning
21:42:16.735 Disk 0 trace - called modules:
21:42:16.766 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll ACPI.sys atapi.sys pciide.sys PCIIDEX.SYS
21:42:16.766 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa5eab8]
21:42:16.766 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8aa8b9e0]
21:42:16.766 5 vsflt53.sys[b9f60c2b] -> nt!IofCallDriver -> \Device\00000071[0x8aaaaf18]
21:42:16.766 7 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aa93d98]
21:42:17.126 AVAST engine scan E:\WINDOWS
21:42:21.204 AVAST engine scan E:\WINDOWS\system32
21:44:52.003 AVAST engine scan E:\WINDOWS\system32\drivers
21:45:12.691 AVAST engine scan E:\Documents and Settings\Roger
21:49:31.835 Disk 0 MBR has been saved successfully to "E:\Documents and Settings\Roger\Desktop\MBR.dat"
21:49:31.835 The log file has been saved successfully to "E:\Documents and Settings\Roger\Desktop\aswMBR.txt"