
Ads pop-up By I Want This



#1 triedthatdidntwork


Posted 23 April 2015 - 06:28 PM

Want to remove these special offers and ads!!! Have never run spyware removal before!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2015 02
Ran by Buyer (administrator) on DESKTOP on 23-04-2015 18:13:04
Running from C:\Documents and Settings\Buyer\My Documents\Downloads
Loaded Profiles: Buyer & Patty (Available profiles: Buyer & Patty & Pearl & Ruby & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(RealTek Semicoductor Corp.) C:\WINDOWS\ALCWZRD.EXE
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
() C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [90112 2005-07-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2806272 2005-07-25] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-07-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [AP Sharing Switch] => C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe [840704 2008-10-24] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDY5NjkwMzExLVQxMS1LVjMrNy1CQSsxLVhMKzEtRlA5KzYtVEI5KzItRkwrO (the data entry has 69 more characters).
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2005-02-17] (Intel Corporation)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\Run: [FlashGet 3] => "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\MountPoints2: {67a6d510-92a0-11e3-89a4-001320743011} - E:\PhotoViewer.exe
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\MountPoints2: {c7f39f52-0009-11de-9be9-001b2f321b7e} - E:\LaunchU3.exe -a
Lsa: [Notification Packages] scecli C:\WINDOWS\system32\gerogije.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk [2009-06-30]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Buyer\Start Menu\Programs\Startup\Dropbox.lnk [2012-07-11]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" <======= ATTENTION
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> {5E49EBFB-04B7-4757-B64D-6EC42DE1792B} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20101147,6900,0,5,0
SearchScopes: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C4C5F234-E143-4BD8-8F8C-0C1BCAEC5BFB}&mid=3d4e8de5e75349d2dfb02123b1b6d50f-8225fe0aa494eef41233190655a76b1de4beb0d2&lang=en&ds=ts026&pr=&d=2011-12-28 15:27:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://search.avg.com/route/?d=4cb59a58&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
SearchScopes: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235197564984
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1235197556343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Buyer\Application Data\Mozilla\Firefox\Profiles\ocwz807j.default
FF DefaultSearchEngine.US: Google
FF Homepage: www.google.com/ig
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2008-02-20] (DivX,Inc.)
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2008-02-20] (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [2008-02-20] (DivX, Inc)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2025429265-1960408961-1801674531-1005: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\DOCUME~1\Patty\APPLIC~1\CATALI~2\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-30] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-30] (Apple Inc.)
FF Extension: I Want This - C:\Documents and Settings\Buyer\Application Data\Mozilla\Firefox\Profiles\ocwz807j.default\Extensions\crossriderapp2258@crossrider.com [2015-03-10]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-21]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (Red Fox Snow Theme) - C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgaadipmojdihomphfmjphmelinpdalg [2015-02-28]
CHR Extension: (I Want This) - C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk [2013-02-20]
CHR Extension: (AVG Security Toolbar) - C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-02-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2008-12-01] (Sun Microsystems, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [49152 2006-05-18] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2008-01-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-01-16] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21035 2009-02-21] (Meetinghouse Data Communications) [File not signed]
S3 brfilt; C:\WINDOWS\System32\Drivers\Brfilt.sys [2944 2001-08-17] (Brother Industries Ltd.)
S3 BrUsbScn; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [10368 2001-08-17] (Brother Industries Ltd.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534312 2009-06-30] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2009-06-30] (Broadcom Corporation.)
R3 btkrnl; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991136 2009-06-30] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156816 2009-06-30] (Broadcom Corporation.)
S3 btwhid; C:\WINDOWS\System32\DRIVERS\btwhid.sys [56992 2009-06-30] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2009-06-30] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 CEUSBAUD; C:\WINDOWS\System32\Drivers\CEUSBAUD.sys [17920 2007-11-08] (CEntrance, Inc.) [File not signed]
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 SynasUSB; C:\WINDOWS\System32\drivers\SynasUSB.sys [16896 2006-01-29] (SIA Syncrosoft) [File not signed]
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [232064 2005-05-06] (Marvell)
S3 FXDRV; \??\D:\Fxdrv.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 iLokDrvr; system32\DRIVERS\iLokDrvr.sys [X]
S3 RTL8187B; system32\DRIVERS\wg111v3.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [X]
S0 TFSysMon; system32\drivers\TfSysMon.sys [X]
S3 USBMIDI; System32\Drivers\Mdusb.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 18:12 - 2015-04-23 18:13 - 00000000 ____D () C:\FRST
2015-04-23 11:06 - 2015-04-23 11:22 - 00000000 ____D () C:\AdwCleaner
2015-04-23 07:53 - 2015-04-23 07:53 - 00000772 _____ () C:\Documents and Settings\All Users\desktop\DriveImage XML.lnk
2015-04-23 07:53 - 2015-04-23 07:53 - 00000000 ____D () C:\Program Files\Runtime Software
2015-04-18 16:29 - 2015-04-18 16:41 - 00517120 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1409.tmp
2015-04-18 16:29 - 2015-04-18 16:40 - 00517120 ____H () C:\Documents and Settings\Patty\My Documents\~WRL2695.tmp
2015-04-18 16:29 - 2015-04-18 16:39 - 00517120 ____H () C:\Documents and Settings\Patty\My Documents\~WRL3817.tmp
2015-04-18 16:29 - 2015-04-18 16:38 - 00514560 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1957.tmp
2015-04-18 16:29 - 2015-04-18 16:34 - 00513536 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0805.tmp
2015-04-18 16:29 - 2015-04-18 16:33 - 00512000 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1854.tmp
2015-04-18 16:29 - 2015-04-18 16:31 - 00237056 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0922.tmp
2015-04-18 16:29 - 2015-04-18 16:30 - 00237056 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0856.tmp
2015-04-18 16:29 - 2015-04-18 16:29 - 00237568 ____H () C:\Documents and Settings\Patty\My Documents\~WRL3005.tmp
2015-04-18 16:24 - 2015-04-18 16:25 - 00036352 ____H () C:\Documents and Settings\Patty\My Documents\~WRL2813.tmp
2015-04-18 16:24 - 2015-04-18 16:24 - 00037888 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1186.tmp
2015-04-17 09:36 - 2015-04-17 09:36 - 00043520 ____H () C:\Documents and Settings\Patty\My Documents\~WRL3910.tmp
2015-04-17 09:36 - 2015-04-17 09:36 - 00043520 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1781.tmp
2015-04-17 09:00 - 2015-04-17 09:08 - 00637952 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0859.tmp
2015-04-17 09:00 - 2015-04-17 09:06 - 00637440 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1911.tmp
2015-04-17 09:00 - 2015-04-17 09:05 - 00637440 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1606.tmp
2015-04-17 09:00 - 2015-04-17 09:01 - 00428032 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1703.tmp
2015-04-17 09:00 - 2015-04-17 09:00 - 00280576 ____H () C:\Documents and Settings\Patty\My Documents\~WRL2719.tmp
2015-04-15 15:33 - 2015-04-15 15:35 - 00072192 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0107.tmp
2015-04-15 15:33 - 2015-04-15 15:34 - 00072192 ____H () C:\Documents and Settings\Patty\My Documents\~WRL1006.tmp
2015-04-15 15:33 - 2015-04-15 15:33 - 00022016 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0515.tmp
2015-04-15 15:31 - 2015-04-15 15:31 - 00023040 ____H () C:\Documents and Settings\Patty\My Documents\~WRL0682.tmp
2015-04-15 12:42 - 2015-04-15 12:42 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-03-27 07:44 - 2015-03-27 07:44 - 00065536 _____ () C:\WINDOWS\Minidump\Mini032715-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 18:13 - 2008-12-01 20:24 - 00000000 ____D () C:\Documents and Settings\Buyer\Local Settings\Temp
2015-04-23 17:42 - 2012-04-01 10:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-23 17:27 - 2010-10-03 21:32 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 12:32 - 2012-07-11 23:24 - 00000000 ___RD () C:\Documents and Settings\Buyer\My Documents\Dropbox
2015-04-23 12:32 - 2012-07-11 23:19 - 00000000 ____D () C:\Documents and Settings\Buyer\Application Data\Dropbox
2015-04-23 12:32 - 2004-08-04 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-23 12:31 - 2012-02-16 01:42 - 00000000 ____D () C:\Documents and Settings\Patty\Local Settings\Temp
2015-04-23 11:28 - 2012-02-16 01:42 - 00000000 ____D () C:\Documents and Settings\Patty
2015-04-23 11:27 - 2010-10-03 21:32 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 11:26 - 2014-03-12 12:20 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-23 11:26 - 2013-06-03 08:24 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-04-23 11:25 - 2008-12-01 20:19 - 01849130 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-23 11:24 - 2008-12-01 20:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-23 11:24 - 2005-04-10 22:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-04-23 11:24 - 2005-04-10 22:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-04-23 11:23 - 2012-02-16 01:42 - 00000178 ___SH () C:\Documents and Settings\Patty\ntuser.ini
2015-04-23 11:23 - 2008-12-01 20:23 - 00032486 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-23 06:26 - 2014-12-09 17:49 - 00000178 ___SH () C:\Documents and Settings\Pearl\ntuser.ini
2015-04-23 05:04 - 2014-12-09 17:49 - 00000000 ____D () C:\Documents and Settings\Pearl\Local Settings\Temp
2015-04-22 16:37 - 2014-09-20 22:10 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Application Data\Spotify
2015-04-22 16:37 - 2014-09-20 22:10 - 00000000 ____D () C:\Documents and Settings\Guest\Application Data\Spotify
2015-04-21 04:18 - 2013-07-27 11:29 - 00000000 ____D () C:\Documents and Settings\Guest\Local Settings\Temp
2015-04-18 16:50 - 2008-12-01 21:00 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-18 16:06 - 2014-12-09 17:55 - 00000178 ___SH () C:\Documents and Settings\Ruby\ntuser.ini
2015-04-18 16:06 - 2014-12-09 17:55 - 00000000 ____D () C:\Documents and Settings\Ruby\Local Settings\Temp
2015-04-16 12:39 - 2013-07-14 13:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-16 12:20 - 2009-08-17 21:46 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-15 12:42 - 2012-04-01 10:58 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-15 12:42 - 2012-02-15 00:02 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-12 11:25 - 2015-02-24 11:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-12 11:25 - 2012-04-27 09:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-04-12 11:04 - 2008-12-01 20:24 - 00000278 ___SH () C:\Documents and Settings\Buyer\ntuser.ini
2015-04-09 13:21 - 2012-07-11 23:24 - 00001008 _____ () C:\Documents and Settings\Buyer\desktop\Dropbox.lnk
2015-04-09 13:21 - 2012-07-11 23:20 - 00000000 ____D () C:\Documents and Settings\Buyer\Start Menu\Programs\Dropbox
2015-04-03 13:06 - 2005-04-10 22:51 - 00896263 _____ () C:\WINDOWS\setupapi.log
2015-03-27 07:44 - 2009-06-23 12:13 - 00000000 ____D () C:\WINDOWS\Minidump
2015-03-27 07:44 - 2005-04-10 22:44 - 100892672 _____ () C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories =======

2013-06-27 15:20 - 2014-06-22 09:05 - 0003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2009-04-25 10:23 - 2014-07-13 20:34 - 0072704 _____ () C:\Documents and Settings\Buyer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-19 13:30 - 2011-03-19 13:30 - 0004368 _____ () C:\Documents and Settings\Buyer\Local Settings\Application Data\FASTWiz.html
2011-03-19 07:25 - 2011-03-19 13:30 - 0154308 _____ () C:\Documents and Settings\Buyer\Local Settings\Application Data\FASTWiz.log
2011-02-07 11:49 - 2011-02-11 06:34 - 0000000 _____ () C:\Documents and Settings\Buyer\Local Settings\Application Data\prvlcl.dat

Some content of TEMP:
====================
C:\Documents and Settings\Buyer\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpugoifs.dll
C:\Documents and Settings\Patty\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Patty\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Patty\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\Patty\Local Settings\Temp\setup.exe
C:\Documents and Settings\Patty\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-04-2015 02
Ran by Buyer at 2015-04-23 18:14:20
Running from C:\Documents and Settings\Buyer\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2025429265-1960408961-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2025429265-1960408961-1801674531-1006 - Limited - Enabled)
Buyer (S-1-5-21-2025429265-1960408961-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Buyer
Guest (S-1-5-21-2025429265-1960408961-1801674531-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest
HelpAssistant (S-1-5-21-2025429265-1960408961-1801674531-1000 - Limited - Disabled)
Patty (S-1-5-21-2025429265-1960408961-1801674531-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Patty
Pearl (S-1-5-21-2025429265-1960408961-1801674531-1007 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Pearl
Ruby (S-1-5-21-2025429265-1960408961-1801674531-1008 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Ruby
SUPPORT_388945a0 (S-1-5-21-2025429265-1960408961-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.0 - Hewlett-Packard) Hidden
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel DVD Xpack (HKLM\...\{2460A058-272D-498D-9A5E-E6F7492DAABC}) (Version: 1.0.0.64 - Corel Inc.)
Digital Microscope Suite (HKLM\...\{1CEE7EAB-6821-4D03-9C1E-3AEE90EA13BC}) (Version: 2.00.0000 - EasyOn)
DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.0 - DivX, Inc.)
DivX Content Uploader (HKLM\...\{D050D7362D214723AD585B541FFB6C11}) (Version: 1.2.1 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.0 - DivX, Inc.)
DivX Player (HKLM\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.7.0 - )
DivX Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
Dropbox (HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
iExplorer 3.2.5.6 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
IOGEAR Printer Sharing Switch 1.0.0.1 (HKLM\...\IOGEAR Auto Printer Sharing Switch_is1) (Version:  - IOGEAR, Inc.)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
LightScribe  1.4.97.1 (Version: 1.4.97.1 - http://www.lightscribe.com) Hidden
Melodyne 3.2 (Version: 3.2.0200 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (English) (HKLM\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{172423F9-522A-483A-AD65-03600CE4CA4F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF Reader (HKU\S-1-5-21-2025429265-1960408961-1801674531-1005\...\PDF Reader) (Version:  - )
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 1.92 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SAPI Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab for Intel (HKLM\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
TinyMediaConverter 1.0.0.0 (HKLM\...\TinyMediaConverter) (Version: 1.0.0.0 - )
TTS Wrapper (Version: 1.0.0.0 - Microsoft Corporation) Hidden
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{84814E6B-2581-46EC-926A-823BD1C670F6}) (Version: 5.5.0.7400 -  )
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Update\1.3.21.69\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Update\1.2.183.39\goopdate.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Documents and Settings\Buyer\Local Settings\Application Data\Google\Update\1.3.21.65\psuser.dll N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\Program Files\EasyOn\Digital Microscope Suite\MFC42.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\Program Files\EasyOn\Digital Microscope Suite\MFC42.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\Program Files\EasyOn\Digital Microscope Suite\MFC42.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Documents and Settings\Patty\Application Data\Catalina – Print Savings\npBcsKtTcHW.dll No File
CustomCLSID: HKU\S-1-5-21-2025429265-1960408961-1801674531-1005_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path

==================== Restore Points  =========================

23-01-2015 18:43:43 System Checkpoint
27-01-2015 11:17:42 System Checkpoint
29-01-2015 11:16:26 System Checkpoint
30-01-2015 14:35:38 System Checkpoint
02-02-2015 20:24:32 System Checkpoint
04-02-2015 11:58:33 System Checkpoint
08-02-2015 10:41:54 System Checkpoint
11-02-2015 10:13:07 Software Distribution Service 3.0
16-02-2015 12:01:41 System Checkpoint
17-02-2015 12:05:47 System Checkpoint
20-02-2015 09:31:46 System Checkpoint
21-02-2015 10:49:43 System Checkpoint
23-02-2015 09:46:11 System Checkpoint
24-02-2015 10:03:21 System Checkpoint
28-02-2015 20:17:16 System Checkpoint
05-03-2015 15:52:36 System Checkpoint
07-03-2015 18:15:14 System Checkpoint
11-03-2015 09:00:23 Software Distribution Service 3.0
16-03-2015 17:58:27 System Checkpoint
18-03-2015 10:31:49 System Checkpoint
24-03-2015 19:14:01 System Checkpoint
27-03-2015 08:01:31 System Checkpoint
29-03-2015 08:43:22 System Checkpoint
30-03-2015 18:28:04 System Checkpoint
01-04-2015 07:06:55 System Checkpoint
03-04-2015 13:17:38 System Checkpoint
06-04-2015 14:33:02 System Checkpoint
12-04-2015 09:39:06 System Checkpoint
13-04-2015 11:53:42 System Checkpoint
16-04-2015 12:20:02 Software Distribution Service 3.0
19-04-2015 17:32:10 System Checkpoint
20-04-2015 19:21:42 System Checkpoint
22-04-2015 08:29:57 System Checkpoint
23-04-2015 09:15:15 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 07:00 - 2008-12-01 23:08 - 00000781 _RASH C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
                                 

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{6398D782-7889-43EF-8CFB-D538B647B7FE}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-01 16:07 - 2008-10-24 11:36 - 00840704 _____ () C:\Program Files\IOGEAR Auto Printer Sharing Switch\AutoPrt.exe
2009-05-08 15:08 - 2009-05-08 15:08 - 02854976 _____ () C:\WINDOWS\system32\btwicons.dll
2009-05-08 15:06 - 2009-05-08 15:06 - 00069697 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-04-23 12:32 - 2015-04-23 12:32 - 00043008 _____ () c:\Documents and Settings\Buyer\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpugoifs.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\libGLESv2.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\libEGL.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Documents and Settings\Buyer\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-15 12:42 - 2015-04-15 12:42 - 16863920 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Documentation:Roxio EMC Stream
AlternateDataStreams: C:\Program Files\WindowsUpdate:WinGffaqzqlNGoFi4b
AlternateDataStreams: C:\Program Files\Common Files\System:KN6Hp5kXe8MKhBWyh
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:1GGgJ2CEJxtEJuJxTAR26l1u10FCrV
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:dZLzmdgpdRLLqV9nZQJqnL
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:s5dBL8q7WdxNhjQpngosjvTr
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:T4qhDAIkc9w78vKZe0awUy
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0D786AE3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
AlternateDataStreams: C:\Documents and Settings\Buyer\Local Settings\Temporary Internet Files:jnshEwtrtO2cyl2n7vmQD
AlternateDataStreams: C:\Documents and Settings\Buyer\Local Settings\Application Data\szNHq5QvbAu7br:kB9w9PNWM8eTwW6IEmNJSiIJ2q
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\Bluetooth Exchange Folder:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\Downloads:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\My eBooks:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\My Received Files:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\My Scans:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\NeroVision:Roxio EMC Stream
AlternateDataStreams: C:\Documents and Settings\Buyer\My Documents\Play:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\...\kuaiche.com -> hxxp://software.kuaiche.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2025429265-1960408961-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Buyer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
HKU\S-1-5-21-2025429265-1960408961-1801674531-1005\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Patty\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 06:13:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/23/2015 06:13:16 PM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (04/23/2015 06:11:12 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/23/2015 06:11:12 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/23/2015 06:00:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 37.0.1.5570, faulting module mozalloc.dll, version 37.0.1.5570, fault address 0x00001aa1.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (04/23/2015 06:00:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 37.0.1.5570, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/23/2015 04:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/23/2015 04:36:14 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/23/2015 04:30:10 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (04/23/2015 04:30:10 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.


System errors:
=============
Error: (04/23/2015 11:24:26 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TFSysMon

Error: (04/23/2015 11:24:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Java Quick Starter service terminated with service-specific error 1 (0x1).

Error: (04/23/2015 11:22:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 11:22:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 11:22:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 11:22:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/23/2015 11:21:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/23/2015 11:21:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/23/2015 11:21:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 11:21:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor:  Intel® Pentium® 4 CPU 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 3061.79 MB
Available physical RAM: 1949.43 MB
Total Pagefile: 4425.66 MB
Available Pagefile: 3494.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:186.31 GB) (Free:137.56 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:159.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: FEAFFEAF)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00024A91)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


 


#2 jntkwx

  • Malware Response Team

Posted 27 April 2015 - 01:48 PM

Hi triedthatdidntwork,
 
Welcome to Bleeping Computer.
 
My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.
 
Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to)
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

In the upper right-hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Receive Notification Immediately, and then click Follow This Topic. You will be sent an email once I have posted a response, which will make the cleaning process faster.
 
Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.


Malwarebytes
Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.
  • To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
    • Open Malwarebytes Anti-Malware.
    • Click the History Tab at the top and select Application Logs.
    • Select (check) the box next to Scan Log. Choose the most current scan.
    • Click the View button.
    • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
    • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
    • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

In your next reply, please include:

  • Malwarebytes log
  • How is your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 jntkwx

  • Malware Response Team

Posted 03 May 2015 - 11:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason

 
