infected with MBR:Xpaj-C



#1 alovelyladee

Posted 05 October 2017 - 01:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2017 01
Ran by Catria (administrator) on CATRIA-PC (05-10-2017 11:58:27)
Running from C:\Users\Catria\Downloads
Loaded Profiles: Catria (Available Profiles: Catria)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-01-30] (SupportSoft, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\Users\Catria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2017-08-06]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8589D407-7A4C-406F-A3A2-91D962501A0F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/intl/en/chrome/browser/desktop/index.html#
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.mozilla.org/en-US/firefox/new/?scene=2
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12] (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2417886996-1675011580-1612834487-1001 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-08-23] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6ek3tuz5.default
FF ProfilePath: C:\Users\Catria\AppData\Roaming\Mozilla\Firefox\Profiles\6ek3tuz5.default [2017-10-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2017-08-15] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-18] (Google Inc.)

Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://lmibdmeehggmjlpiafcbanaaecagcfmg/newtab/newtab.html"
CHR Profile: C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-18]
CHR Extension: (Google Docs) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-18]
CHR Extension: (Google Drive) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-18]
CHR Extension: (YouTube) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-18]
CHR Extension: (Google Sheets) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-18]
CHR Extension: (My Quick Converter) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg [2017-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-30]
CHR Extension: (Gmail) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-30] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [324096 2017-09-30] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-31] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.) [File not signed]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [249232 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-10-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-10-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgNdis; C:\Windows\System32\DRIVERS\avgNdis.sys [25784 2017-08-06] (AVG Technologies CZ, s.r.o.)
R0 avgNdis2; C:\Windows\system32\drivers\avgNdis2.sys [333480 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr.sys [62528 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [770368 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [491976 2017-10-04] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\system32\drivers\avgStmXP.sys [196272 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [290264 2017-10-04] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; C:\Program Files\Dell Support Center\HWDiag\bin\PCD5SRVC.pkms [22904 2008-11-04] (PC-Doctor, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Catria\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Catria\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-05 11:58 - 2017-10-05 11:59 - 000015679 _____ C:\Users\Catria\Downloads\FRST.txt
2017-10-05 11:57 - 2017-10-05 11:58 - 000000000 ____D C:\FRST
2017-10-05 11:56 - 2017-10-05 11:56 - 001796096 _____ (Farbar) C:\Users\Catria\Downloads\FRST.exe
2017-10-04 14:47 - 2017-10-04 14:47 - 000004150 _____ C:\Users\Catria\Desktop\aswMBR.txt
2017-10-04 14:47 - 2017-10-04 14:47 - 000003959 _____ C:\Users\Catria\Documents\aswMBR.txt
2017-10-04 14:47 - 2017-10-04 14:47 - 000000512 _____ C:\Users\Catria\Documents\MBR.dat
2017-10-04 14:47 - 2017-10-04 14:47 - 000000512 _____ C:\Users\Catria\Desktop\MBR.dat
2017-10-04 14:03 - 2017-10-04 14:03 - 005198336 _____ (AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe
2017-10-04 14:02 - 2017-10-04 14:02 - 005198336 _____ (AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe.part
2017-10-04 14:00 - 2017-10-04 14:00 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-02 12:16 - 2017-10-02 12:16 - 000081699 _____ C:\Users\Catria\Downloads\Statement_09-16-2017(1).pdf
2017-10-02 12:15 - 2017-10-02 12:16 - 000081699 _____ C:\Users\Catria\Downloads\Statement_09-16-2017.pdf
2017-10-02 11:42 - 2017-10-02 11:42 - 000250357 _____ C:\Users\Catria\Documents\Michael 2012 page 4.pdf
2017-10-02 11:39 - 2017-10-02 11:39 - 000611329 _____ C:\Users\Catria\Documents\Michael 2012 page 2.pdf
2017-10-02 11:39 - 2017-10-02 11:39 - 000266044 _____ C:\Users\Catria\Documents\Michael 2012 page 3.pdf
2017-10-02 11:38 - 2017-10-02 11:38 - 000546090 _____ C:\Users\Catria\Documents\Michael 2012 page 1.pdf
2017-10-02 11:37 - 2017-10-02 11:37 - 000199958 _____ C:\Users\Catria\Documents\Michael 2013 page 3.pdf
2017-10-02 11:36 - 2017-10-02 11:36 - 000612280 _____ C:\Users\Catria\Documents\Michael 2013 page 2.pdf
2017-10-02 11:35 - 2017-10-02 11:35 - 000539673 _____ C:\Users\Catria\Documents\Michael 2013 page 1.pdf
2017-10-02 11:34 - 2017-10-02 11:34 - 000080121 _____ C:\Users\Catria\Documents\Michael 2014 page 4.pdf
2017-10-02 11:33 - 2017-10-02 11:33 - 000659368 _____ C:\Users\Catria\Documents\Michael 2014 page 2.pdf
2017-10-02 11:33 - 2017-10-02 11:33 - 000269595 _____ C:\Users\Catria\Documents\Michael 2014 page 3.pdf
2017-10-02 11:32 - 2017-10-02 11:32 - 000540120 _____ C:\Users\Catria\Documents\Michael 2014 page 1.pdf
2017-10-02 11:31 - 2017-10-02 11:31 - 000146864 _____ C:\Users\Catria\Documents\Michael 2015 page 5.pdf
2017-10-02 11:28 - 2017-10-02 11:28 - 000271548 _____ C:\Users\Catria\Documents\Michael 2015 page 4.pdf
2017-10-02 11:27 - 2017-10-02 11:27 - 000265262 _____ C:\Users\Catria\Documents\Michael 2015 page 3.pdf
2017-10-02 11:26 - 2017-10-02 11:26 - 000655224 _____ C:\Users\Catria\Documents\Michael 2015 page 2.pdf
2017-10-02 11:25 - 2017-10-02 11:25 - 000543398 _____ C:\Users\Catria\Documents\Michael 2015 page 1.pdf
2017-10-02 11:23 - 2017-10-02 11:23 - 000078622 _____ C:\Users\Catria\Documents\Michael 2016 page 4.pdf
2017-10-02 11:22 - 2017-10-02 11:22 - 000280572 _____ C:\Users\Catria\Documents\Michael 2016 page 3.pdf
2017-10-02 11:21 - 2017-10-02 11:21 - 000660830 _____ C:\Users\Catria\Documents\Michael 2016 page 2.pdf
2017-10-02 11:20 - 2017-10-02 11:20 - 000547407 _____ C:\Users\Catria\Documents\Michael 2016 page 1.pdf
2017-10-02 11:18 - 2017-10-02 11:18 - 000074319 _____ C:\Users\Catria\Documents\Scan 7.pdf
2017-10-02 11:16 - 2017-10-02 11:16 - 000123310 _____ C:\Users\Catria\Documents\Scan 6.pdf
2017-10-02 11:15 - 2017-10-02 11:15 - 000480436 _____ C:\Users\Catria\Documents\Scan 5.pdf
2017-10-02 11:14 - 2017-10-02 11:14 - 000595828 _____ C:\Users\Catria\Documents\Scan 4.pdf
2017-10-02 11:13 - 2017-10-02 11:13 - 000541566 _____ C:\Users\Catria\Documents\Scan 3.pdf
2017-10-02 11:12 - 2017-10-02 11:12 - 000172443 _____ C:\Users\Catria\Documents\Scan 2.pdf
2017-10-02 11:10 - 2017-10-02 11:44 - 000000000 ____D C:\Users\Catria\AppData\Local\Adobe
2017-10-02 11:10 - 2017-10-02 11:10 - 000093012 _____ C:\Users\Catria\Documents\Scan 1.pdf
2017-10-02 10:57 - 2017-10-02 10:57 - 000001790 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Users\Catria\AppData\Roaming\HpUpdate
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\Visan
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\HP Photo Creations
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\HP Photo Creations
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-10-02 10:56 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-10-02 10:56 - 2017-10-02 10:56 - 000002117 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2017-10-02 10:56 - 2017-10-02 10:56 - 000001064 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2017-10-02 10:56 - 2014-03-06 11:48 - 000597512 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2017-10-02 10:53 - 2017-10-02 10:57 - 000000000 ____D C:\Users\Catria\AppData\Local\HP
2017-10-02 10:53 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\HP
2017-10-02 10:53 - 2017-10-02 10:53 - 000000057 _____ C:\ProgramData\Ament.ini
2017-10-02 10:53 - 2017-10-02 10:53 - 000000000 ____D C:\ProgramData\HP
2017-10-02 10:51 - 2017-10-02 10:52 - 106859936 _____ C:\Users\Catria\Downloads\DJ2540_188 (1).exe
2017-10-02 10:50 - 2017-10-02 10:50 - 106859936 _____ C:\Users\Catria\Downloads\DJ2540_188.exe
2017-10-01 12:57 - 2017-10-01 12:57 - 000000000 ____D C:\Users\Catria\AppData\Local\Stardock_Corporation
2017-10-01 12:21 - 2017-10-01 12:21 - 000000000 ____D C:\Windows\All Users
2017-09-30 17:38 - 2017-09-30 17:39 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Catria\Desktop\AVG_Protection_Free_1606.exe
2017-09-30 12:27 - 2017-09-30 12:28 - 124305050 _____ C:\Users\Catria\Downloads\Unconfirmed 642809.crdownload
2017-09-30 12:15 - 2017-09-30 12:17 - 282066944 _____ C:\Users\Catria\Downloads\gparted-live-0.29.0-1-i686.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-05 11:04 - 2006-11-02 07:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-05 11:04 - 2006-11-02 07:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-04 14:00 - 2017-08-06 14:37 - 000196272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000770368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000491976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000062528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-04 14:00 - 2017-08-06 14:29 - 000000000 ____D C:\ProgramData\Avg
2017-10-04 13:59 - 2017-08-06 16:48 - 000333480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNdis2.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-10-04 13:58 - 2017-08-18 05:10 - 000000000 ____D C:\Users\Catria\AppData\LocalLow\Mozilla
2017-10-04 13:48 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2017-10-04 13:48 - 2006-11-02 05:33 - 000703388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-04 13:42 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-03 06:19 - 2006-11-02 07:58 - 000014510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-02 11:44 - 2017-08-06 14:18 - 000000000 ____D C:\Users\Catria\AppData\Roaming\Adobe
2017-10-02 10:56 - 2017-08-06 13:51 - 000000000 ____D C:\Users\Catria
2017-10-02 09:59 - 2017-08-18 05:10 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-02 09:59 - 2017-08-18 05:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-02 09:51 - 2009-07-12 20:07 - 000000376 _____ C:\Windows\ODBC.INI
2017-10-01 12:21 - 2017-08-06 14:31 - 000000000 ____D C:\Program Files\AVG
2017-10-01 12:20 - 2017-08-06 14:29 - 000000000 ____D C:\Users\Catria\AppData\Local\Avg
2017-10-01 12:20 - 2017-08-06 13:53 - 000000917 _____ C:\Users\Catria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2017-10-01 12:18 - 2017-08-06 14:29 - 000000000 ____D C:\Users\Catria\AppData\Local\AvgSetupLog
2017-09-30 18:26 - 2017-08-06 17:30 - 000000000 ___SD C:\Users\Catria\AppData\LocalLow\Temp
2017-09-30 17:44 - 2017-08-06 14:36 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw156d7e7997b9d09b.tmp
2017-09-30 15:40 - 2017-08-06 14:33 - 000000747 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-30 15:40 - 2017-08-06 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-30 15:31 - 2017-08-06 14:37 - 000195128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw64c5b1b568bb6338.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4f8004efdb534e49.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4c421538ad701f3c.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw350cd8afb98490a0.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000062528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw18e97dbb7a24ec74.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdda3bfdfaffc1883.tmp
2017-09-30 15:30 - 2017-08-06 16:48 - 000332968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdc2e0718010a9b61.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw2e2afc27e55a3c72.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw12594325ea02d019.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9638ffaeaef6f96e.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswfca8de7b12c67a09.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswcae17fe565fbf6a7.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4c16bd9f040e653f.tmp
2017-09-30 15:11 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2017-09-30 15:11 - 2006-11-02 05:22 - 033292288 _____ C:\Windows\system32\config\components_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 030408704 _____ C:\Windows\system32\config\software_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 023068672 _____ C:\Windows\system32\config\system_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2017-09-30 15:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2017-09-30 15:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2017-09-13 15:34 - 2017-08-12 20:34 - 000000680 _____ C:\Users\Catria\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2017-08-12 20:34 - 2017-09-13 15:34 - 000000680 _____ () C:\Users\Catria\AppData\Local\d3d9caps.dat
2017-10-02 10:53 - 2017-10-02 10:53 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-04 13:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2017 01
Ran by Catria (05-10-2017 11:59:25)
Running from C:\Users\Catria\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) (2009-07-12 19:41:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2417886996-1675011580-1612834487-500 - Administrator - Disabled)
Catria (S-1-5-21-2417886996-1675011580-1612834487-1001 - Administrator - Enabled) => C:\Users\Catria
Guest (S-1-5-21-2417886996-1675011580-1612834487-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AVG (HKLM\...\{1D382E7D-7E8B-4C85-9233-287017A66599}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Choice Guard (HKLM\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.115.101 - Alps Electric)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
FMW 1 (HKLM\...\{E2258604-A4CB-4F29-BB9F-58081E193EAA}) (Version: 1.224.4 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{516046F1-6F81-4967-8E63-32273AE2A929}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM\...\{901B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{03E72F11-8D79-4C5C-9659-121ADD6A0846}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-30] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-03-31] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-30] (AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
Task: {35BB9EF0-0937-4550-99D3-C2C0EE641B82} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2017-10-04] (AVG Technologies CZ, s.r.o.)
Task: {6A3C9A2F-1866-4FFF-8D9A-6AB063F70AF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-18] (Google Inc.)
Task: {76DE3F28-9168-492E-B8FC-BA01D056C1B0} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {84B9C8F4-86BA-48A1-9A5C-0BF229E394BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-18] (Google Inc.)
Task: {CC19F1DF-F0F2-4C8E-A7F8-985CCF40ACB1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CF0292EA-6D13-4B10-89C2-6D7AE79BBD53} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-07-12 19:57 - 2008-12-21 13:34 - 000026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-07-12 19:57 - 2008-12-21 13:32 - 000054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000213024 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000243080 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000150688 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
2017-10-02 09:52 - 2017-10-02 09:52 - 005886424 _____ () C:\Program Files\AVG\Antivirus\defs\17100202\algo.dll
2017-09-30 17:43 - 2017-09-30 17:44 - 000693528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000242568 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-10-04 13:44 - 2017-10-04 13:44 - 005886936 _____ () C:\Program Files\AVG\Antivirus\defs\17100404\algo.dll
2017-10-05 11:05 - 2017-10-05 11:05 - 005887960 _____ () C:\Program Files\AVG\Antivirus\defs\17100504\algo.dll
2017-08-06 14:31 - 2017-08-06 14:29 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-08-06 14:36 - 2017-08-06 14:36 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\cityscape_1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{949E4A24-B0ED-4C29-BE3A-ECCC22384829}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{1BFF7CE3-492B-40F2-8FDE-4316FA1C6EF0}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{09EFF972-7856-4726-AF99-1C175102C0E3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5AB7E1F5-DE7D-4AD7-8CC1-06274DEE668F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{45880DD1-04D0-4FB2-8058-B8B0FFF9C61B}] => (Allow) svchost.exe
FirewallRules: [{77BCCE86-4138-4450-9D3D-AA40D1ED2D5D}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{022992F8-5E36-494F-BB2F-6A4B65A7082C}] => (Allow) LPort=80
FirewallRules: [{D118F2E6-D70B-4D88-A764-5101F6B1EA12}] => (Allow) LPort=80
FirewallRules: [{ED720003-8828-4A9A-9EFC-0E26CA8F474F}] => (Allow) LPort=80
FirewallRules: [{BB550EAB-B025-444B-95BB-4FCF09A63690}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{85418FB2-6742-425B-9181-371F5038FAF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{57C36A8C-D6D2-47D6-AC2A-4C917BE0E585}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4716F60-640A-4E63-A82E-B6866FDCB09D}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{D89FEFD9-2901-47E3-AF38-4770790444B6}] => (Allow) LPort=5357
FirewallRules: [{E17CB984-1676-4D34-BACA-29A22420C977}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

15-09-2017 17:30:23 Scheduled Checkpoint
20-09-2017 16:09:32 Scheduled Checkpoint
30-09-2017 13:14:12 Scheduled Checkpoint
30-09-2017 15:02:26 Restore Operation
30-09-2017 17:53:43 Windows Update
01-10-2017 13:24:44 Scheduled Checkpoint
02-10-2017 06:12:40 Scheduled Checkpoint
02-10-2017 10:54:17 Device Driver Package Install: HP Printers
02-10-2017 10:55:11 Device Driver Package Install: Hewlett-Packard Imaging devices
02-10-2017 10:55:44 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
04-10-2017 15:55:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2017 01:57:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/04/2017 01:43:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/02/2017 10:48:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/02/2017 10:00:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/02/2017 09:56:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1c4
Start Time: 01d33adbd67ac7f1
Termination Time: 0

Error: (10/01/2017 12:36:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 12:34:19 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

Error: (10/01/2017 12:22:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 12:20:34 PM) (Source: MsiInstaller) (EventID: 11402) (User: Catria-PC)
Description: Product: AVG PC TuneUp -- Error 1402. Could not open key: HKEY_CURRENT_USER\Software\AVG\AWL.  System error 1018.  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (10/01/2017 12:15:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.


System errors:
=============
Error: (10/04/2017 01:56:28 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (10/04/2017 01:55:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (10/04/2017 01:53:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/04/2017 01:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/04/2017 01:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/04/2017 01:42:39 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Error: (10/02/2017 10:00:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/02/2017 10:00:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/02/2017 09:59:44 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Error: (10/01/2017 12:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2017-10-05 11:59:01.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 70%
Total physical RAM: 2009.63 MB
Available physical RAM: 590.09 MB
Total Virtual: 4260.56 MB
Available Virtual: 2105.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:93.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.66 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#2 alovelyladee

Posted 05 October 2017 - 01:07 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2017 01
Ran by Catria (administrator) on CATRIA-PC (05-10-2017 11:58:27)
Running from C:\Users\Catria\Downloads
Loaded Profiles: Catria (Available Profiles: Catria)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-31] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1735760 2009-01-09] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-09-14] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [289248 2017-09-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-01-30] (SupportSoft, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
Startup: C:\Users\Catria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2017-08-06]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-07-12]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8589D407-7A4C-406F-A3A2-91D962501A0F}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/intl/en/chrome/browser/desktop/index.html#
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.mozilla.org/en-US/firefox/new/?scene=2
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12] (Sun Microsystems, Inc.)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2417886996-1675011580-1612834487-1001 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-08-23] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6ek3tuz5.default
FF ProfilePath: C:\Users\Catria\AppData\Roaming\Mozilla\Firefox\Profiles\6ek3tuz5.default [2017-10-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2017-08-15] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll [2008-10-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-18] (Google Inc.)

Chrome:
=======
CHR NewTab: Default ->  Active:"chrome-extension://lmibdmeehggmjlpiafcbanaaecagcfmg/newtab/newtab.html"
CHR Profile: C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default [2017-10-02]
CHR Extension: (Google Slides) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-18]
CHR Extension: (Google Docs) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-18]
CHR Extension: (Google Drive) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-18]
CHR Extension: (YouTube) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-18]
CHR Extension: (Google Sheets) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-18]
CHR Extension: (Google Docs Offline) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-18]
CHR Extension: (My Quick Converter) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmibdmeehggmjlpiafcbanaaecagcfmg [2017-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-30]
CHR Extension: (Gmail) - C:\Users\Catria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [276328 2017-09-30] (AVG Technologies CZ, s.r.o.)
R2 AVG Firewall; C:\Program Files\AVG\Antivirus\afwServ.exe [324096 2017-09-30] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5881008 2017-09-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-09-14] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-31] (IDT, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.) [File not signed]
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiskx.sys [135872 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdriverx.sys [249232 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidshx.sys [151024 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgblogx.sys [270344 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbunivx.sys [43992 2017-10-04] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [35264 2017-10-04] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [117368 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgNdis; C:\Windows\System32\DRIVERS\avgNdis.sys [25784 2017-08-06] (AVG Technologies CZ, s.r.o.)
R0 avgNdis2; C:\Windows\system32\drivers\avgNdis2.sys [333480 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr.sys [62528 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [63280 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [770368 2017-10-04] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [491976 2017-10-04] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\Windows\system32\drivers\avgStmXP.sys [196272 2017-10-04] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [290264 2017-10-04] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; C:\Program Files\Dell Support Center\HWDiag\bin\PCD5SRVC.pkms [22904 2008-11-04] (PC-Doctor, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Catria\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Catria\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-05 11:58 - 2017-10-05 11:59 - 000015679 _____ C:\Users\Catria\Downloads\FRST.txt
2017-10-05 11:57 - 2017-10-05 11:58 - 000000000 ____D C:\FRST
2017-10-05 11:56 - 2017-10-05 11:56 - 001796096 _____ (Farbar) C:\Users\Catria\Downloads\FRST.exe
2017-10-04 14:47 - 2017-10-04 14:47 - 000004150 _____ C:\Users\Catria\Desktop\aswMBR.txt
2017-10-04 14:47 - 2017-10-04 14:47 - 000003959 _____ C:\Users\Catria\Documents\aswMBR.txt
2017-10-04 14:47 - 2017-10-04 14:47 - 000000512 _____ C:\Users\Catria\Documents\MBR.dat
2017-10-04 14:47 - 2017-10-04 14:47 - 000000512 _____ C:\Users\Catria\Desktop\MBR.dat
2017-10-04 14:03 - 2017-10-04 14:03 - 005198336 _____ (AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe
2017-10-04 14:02 - 2017-10-04 14:02 - 005198336 _____ (AVAST Software) C:\Users\Catria\Downloads\aswMBR.exe.part
2017-10-04 14:00 - 2017-10-04 14:00 - 000305936 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\avgBoot.exe
2017-10-02 12:16 - 2017-10-02 12:16 - 000081699 _____ C:\Users\Catria\Downloads\Statement_09-16-2017(1).pdf
2017-10-02 12:15 - 2017-10-02 12:16 - 000081699 _____ C:\Users\Catria\Downloads\Statement_09-16-2017.pdf
2017-10-02 11:42 - 2017-10-02 11:42 - 000250357 _____ C:\Users\Catria\Documents\Michael 2012 page 4.pdf
2017-10-02 11:39 - 2017-10-02 11:39 - 000611329 _____ C:\Users\Catria\Documents\Michael 2012 page 2.pdf
2017-10-02 11:39 - 2017-10-02 11:39 - 000266044 _____ C:\Users\Catria\Documents\Michael 2012 page 3.pdf
2017-10-02 11:38 - 2017-10-02 11:38 - 000546090 _____ C:\Users\Catria\Documents\Michael 2012 page 1.pdf
2017-10-02 11:37 - 2017-10-02 11:37 - 000199958 _____ C:\Users\Catria\Documents\Michael 2013 page 3.pdf
2017-10-02 11:36 - 2017-10-02 11:36 - 000612280 _____ C:\Users\Catria\Documents\Michael 2013 page 2.pdf
2017-10-02 11:35 - 2017-10-02 11:35 - 000539673 _____ C:\Users\Catria\Documents\Michael 2013 page 1.pdf
2017-10-02 11:34 - 2017-10-02 11:34 - 000080121 _____ C:\Users\Catria\Documents\Michael 2014 page 4.pdf
2017-10-02 11:33 - 2017-10-02 11:33 - 000659368 _____ C:\Users\Catria\Documents\Michael 2014 page 2.pdf
2017-10-02 11:33 - 2017-10-02 11:33 - 000269595 _____ C:\Users\Catria\Documents\Michael 2014 page 3.pdf
2017-10-02 11:32 - 2017-10-02 11:32 - 000540120 _____ C:\Users\Catria\Documents\Michael 2014 page 1.pdf
2017-10-02 11:31 - 2017-10-02 11:31 - 000146864 _____ C:\Users\Catria\Documents\Michael 2015 page 5.pdf
2017-10-02 11:28 - 2017-10-02 11:28 - 000271548 _____ C:\Users\Catria\Documents\Michael 2015 page 4.pdf
2017-10-02 11:27 - 2017-10-02 11:27 - 000265262 _____ C:\Users\Catria\Documents\Michael 2015 page 3.pdf
2017-10-02 11:26 - 2017-10-02 11:26 - 000655224 _____ C:\Users\Catria\Documents\Michael 2015 page 2.pdf
2017-10-02 11:25 - 2017-10-02 11:25 - 000543398 _____ C:\Users\Catria\Documents\Michael 2015 page 1.pdf
2017-10-02 11:23 - 2017-10-02 11:23 - 000078622 _____ C:\Users\Catria\Documents\Michael 2016 page 4.pdf
2017-10-02 11:22 - 2017-10-02 11:22 - 000280572 _____ C:\Users\Catria\Documents\Michael 2016 page 3.pdf
2017-10-02 11:21 - 2017-10-02 11:21 - 000660830 _____ C:\Users\Catria\Documents\Michael 2016 page 2.pdf
2017-10-02 11:20 - 2017-10-02 11:20 - 000547407 _____ C:\Users\Catria\Documents\Michael 2016 page 1.pdf
2017-10-02 11:18 - 2017-10-02 11:18 - 000074319 _____ C:\Users\Catria\Documents\Scan 7.pdf
2017-10-02 11:16 - 2017-10-02 11:16 - 000123310 _____ C:\Users\Catria\Documents\Scan 6.pdf
2017-10-02 11:15 - 2017-10-02 11:15 - 000480436 _____ C:\Users\Catria\Documents\Scan 5.pdf
2017-10-02 11:14 - 2017-10-02 11:14 - 000595828 _____ C:\Users\Catria\Documents\Scan 4.pdf
2017-10-02 11:13 - 2017-10-02 11:13 - 000541566 _____ C:\Users\Catria\Documents\Scan 3.pdf
2017-10-02 11:12 - 2017-10-02 11:12 - 000172443 _____ C:\Users\Catria\Documents\Scan 2.pdf
2017-10-02 11:10 - 2017-10-02 11:44 - 000000000 ____D C:\Users\Catria\AppData\Local\Adobe
2017-10-02 11:10 - 2017-10-02 11:10 - 000093012 _____ C:\Users\Catria\Documents\Scan 1.pdf
2017-10-02 10:57 - 2017-10-02 10:57 - 000001790 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Users\Catria\AppData\Roaming\HpUpdate
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\Visan
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\HP Photo Creations
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\HP Photo Creations
2017-10-02 10:57 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-10-02 10:56 - 2017-10-02 10:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-10-02 10:56 - 2017-10-02 10:56 - 000002117 _____ C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
2017-10-02 10:56 - 2017-10-02 10:56 - 000001064 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2540 series.lnk
2017-10-02 10:56 - 2014-03-06 11:48 - 000597512 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2017-10-02 10:53 - 2017-10-02 10:57 - 000000000 ____D C:\Users\Catria\AppData\Local\HP
2017-10-02 10:53 - 2017-10-02 10:57 - 000000000 ____D C:\Program Files\HP
2017-10-02 10:53 - 2017-10-02 10:53 - 000000057 _____ C:\ProgramData\Ament.ini
2017-10-02 10:53 - 2017-10-02 10:53 - 000000000 ____D C:\ProgramData\HP
2017-10-02 10:51 - 2017-10-02 10:52 - 106859936 _____ C:\Users\Catria\Downloads\DJ2540_188 (1).exe
2017-10-02 10:50 - 2017-10-02 10:50 - 106859936 _____ C:\Users\Catria\Downloads\DJ2540_188.exe
2017-10-01 12:57 - 2017-10-01 12:57 - 000000000 ____D C:\Users\Catria\AppData\Local\Stardock_Corporation
2017-10-01 12:21 - 2017-10-01 12:21 - 000000000 ____D C:\Windows\All Users
2017-09-30 17:38 - 2017-09-30 17:39 - 003449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Catria\Desktop\AVG_Protection_Free_1606.exe
2017-09-30 12:27 - 2017-09-30 12:28 - 124305050 _____ C:\Users\Catria\Downloads\Unconfirmed 642809.crdownload
2017-09-30 12:15 - 2017-09-30 12:17 - 282066944 _____ C:\Users\Catria\Downloads\gparted-live-0.29.0-1-i686.iso

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-05 11:04 - 2006-11-02 07:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-05 11:04 - 2006-11-02 07:45 - 000003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-04 14:00 - 2017-08-06 14:37 - 000196272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgStmXP.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000770368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSnx.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000491976 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgSP.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgVmm.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgMonFlt.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRvrt.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000062528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgRdr.sys
2017-10-04 14:00 - 2017-08-06 14:36 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgHwid.sys
2017-10-04 14:00 - 2017-08-06 14:29 - 000000000 ____D C:\ProgramData\Avg
2017-10-04 13:59 - 2017-08-06 16:48 - 000333480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgNdis2.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgblogx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000249232 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidsdriverx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbidshx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbdiskx.sys
2017-10-04 13:59 - 2017-08-06 14:36 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgbunivx.sys
2017-10-04 13:58 - 2017-08-18 05:10 - 000000000 ____D C:\Users\Catria\AppData\LocalLow\Mozilla
2017-10-04 13:48 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\inf
2017-10-04 13:48 - 2006-11-02 05:33 - 000703388 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-04 13:42 - 2006-11-02 07:58 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-03 06:19 - 2006-11-02 07:58 - 000014510 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-02 11:44 - 2017-08-06 14:18 - 000000000 ____D C:\Users\Catria\AppData\Roaming\Adobe
2017-10-02 10:56 - 2017-08-06 13:51 - 000000000 ____D C:\Users\Catria
2017-10-02 09:59 - 2017-08-18 05:10 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-10-02 09:59 - 2017-08-18 05:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-02 09:51 - 2009-07-12 20:07 - 000000376 _____ C:\Windows\ODBC.INI
2017-10-01 12:21 - 2017-08-06 14:31 - 000000000 ____D C:\Program Files\AVG
2017-10-01 12:20 - 2017-08-06 14:29 - 000000000 ____D C:\Users\Catria\AppData\Local\Avg
2017-10-01 12:20 - 2017-08-06 13:53 - 000000917 _____ C:\Users\Catria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2017-10-01 12:18 - 2017-08-06 14:29 - 000000000 ____D C:\Users\Catria\AppData\Local\AvgSetupLog
2017-09-30 18:26 - 2017-08-06 17:30 - 000000000 ___SD C:\Users\Catria\AppData\LocalLow\Temp
2017-09-30 17:44 - 2017-08-06 14:36 - 000290264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw156d7e7997b9d09b.tmp
2017-09-30 15:40 - 2017-08-06 14:33 - 000000747 _____ C:\Users\Public\Desktop\AVG.lnk
2017-09-30 15:40 - 2017-08-06 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-09-30 15:31 - 2017-08-06 14:37 - 000195128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw64c5b1b568bb6338.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000492552 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4f8004efdb534e49.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000117368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4c421538ad701f3c.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000063280 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw350cd8afb98490a0.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000062528 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw18e97dbb7a24ec74.tmp
2017-09-30 15:31 - 2017-08-06 14:36 - 000035264 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdda3bfdfaffc1883.tmp
2017-09-30 15:30 - 2017-08-06 16:48 - 000332968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswdc2e0718010a9b61.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000766216 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw2e2afc27e55a3c72.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000270344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw12594325ea02d019.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000261128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw9638ffaeaef6f96e.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000151024 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswfca8de7b12c67a09.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000135872 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\aswcae17fe565fbf6a7.tmp
2017-09-30 15:30 - 2017-08-06 14:36 - 000043992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\asw4c16bd9f040e653f.tmp
2017-09-30 15:11 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\Msdtc
2017-09-30 15:11 - 2006-11-02 05:22 - 033292288 _____ C:\Windows\system32\config\components_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 030408704 _____ C:\Windows\system32\config\software_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 023068672 _____ C:\Windows\system32\config\system_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\security_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\sam_previous
2017-09-30 15:11 - 2006-11-02 05:22 - 000262144 _____ C:\Windows\system32\config\default_previous
2017-09-30 15:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\system32\spool
2017-09-30 15:10 - 2006-11-02 06:18 - 000000000 ____D C:\Windows\registration
2017-09-13 15:34 - 2017-08-12 20:34 - 000000680 _____ C:\Users\Catria\AppData\Local\d3d9caps.dat

==================== Files in the root of some directories =======

2017-08-12 20:34 - 2017-09-13 15:34 - 000000680 _____ () C:\Users\Catria\AppData\Local\d3d9caps.dat
2017-10-02 10:53 - 2017-10-02 10:53 - 000000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-04 13:48

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2017 01
Ran by Catria (05-10-2017 11:59:25)
Running from C:\Users\Catria\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) (2009-07-12 19:41:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2417886996-1675011580-1612834487-500 - Administrator - Disabled)
Catria (S-1-5-21-2417886996-1675011580-1612834487-1001 - Administrator - Enabled) => C:\Users\Catria
Guest (S-1-5-21-2417886996-1675011580-1612834487-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Antivirus (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AVG (HKLM\...\{1D382E7D-7E8B-4C85-9233-287017A66599}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG Internet Security (HKLM\...\AVG Antivirus) (Version: 17.7.3032 - AVG Technologies)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Choice Guard (HKLM\...\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}) (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08335 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.4.115.101 - Alps Electric)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
FMW 1 (HKLM\...\{E2258604-A4CB-4F29-BB9F-58081E193EAA}) (Version: 1.224.4 - AVG Technologies) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{516046F1-6F81-4967-8E63-32273AE2A929}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (HKLM\...\{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}) (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM\...\{901B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.31005.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 52.4.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.4.0 ESR (x86 en-US)) (Version: 52.4.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.4.0.6473 - Mozilla)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{03E72F11-8D79-4C5C-9659-121ADD6A0846}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.17 - Dell Inc.)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-30] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-03-31] (Intel Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-09-30] (AVG Technologies CZ, s.r.o.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => %windir%\system32\rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries <==== ATTENTION
Task: {35BB9EF0-0937-4550-99D3-C2C0EE641B82} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2017-10-04] (AVG Technologies CZ, s.r.o.)
Task: {6A3C9A2F-1866-4FFF-8D9A-6AB063F70AF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-18] (Google Inc.)
Task: {76DE3F28-9168-492E-B8FC-BA01D056C1B0} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {84B9C8F4-86BA-48A1-9A5C-0BF229E394BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-08-18] (Google Inc.)
Task: {CC19F1DF-F0F2-4C8E-A7F8-985CCF40ACB1} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {CF0292EA-6D13-4B10-89C2-6D7AE79BBD53} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2009-07-12 19:57 - 2008-12-21 13:34 - 000026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-07-12 19:57 - 2008-12-21 13:32 - 000054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000060160 _____ () C:\Program Files\AVG\Antivirus\module_lifetime.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000168216 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000213024 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000243080 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000150688 _____ () C:\Program Files\AVG\Antivirus\network_notifications.dll
2017-10-02 09:52 - 2017-10-02 09:52 - 005886424 _____ () C:\Program Files\AVG\Antivirus\defs\17100202\algo.dll
2017-09-30 17:43 - 2017-09-30 17:44 - 000693528 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-09-30 15:30 - 2017-09-30 15:30 - 000242568 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-10-04 13:44 - 2017-10-04 13:44 - 005886936 _____ () C:\Program Files\AVG\Antivirus\defs\17100404\algo.dll
2017-10-05 11:05 - 2017-10-05 11:05 - 005887960 _____ () C:\Program Files\AVG\Antivirus\defs\17100504\algo.dll
2017-08-06 14:31 - 2017-08-06 14:29 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-08-06 14:36 - 2017-08-06 14:36 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2417886996-1675011580-1612834487-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\cityscape_1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{949E4A24-B0ED-4C29-BE3A-ECCC22384829}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{1BFF7CE3-492B-40F2-8FDE-4316FA1C6EF0}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{09EFF972-7856-4726-AF99-1C175102C0E3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{5AB7E1F5-DE7D-4AD7-8CC1-06274DEE668F}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{45880DD1-04D0-4FB2-8058-B8B0FFF9C61B}] => (Allow) svchost.exe
FirewallRules: [{77BCCE86-4138-4450-9D3D-AA40D1ED2D5D}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{022992F8-5E36-494F-BB2F-6A4B65A7082C}] => (Allow) LPort=80
FirewallRules: [{D118F2E6-D70B-4D88-A764-5101F6B1EA12}] => (Allow) LPort=80
FirewallRules: [{ED720003-8828-4A9A-9EFC-0E26CA8F474F}] => (Allow) LPort=80
FirewallRules: [{BB550EAB-B025-444B-95BB-4FCF09A63690}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{85418FB2-6742-425B-9181-371F5038FAF5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{57C36A8C-D6D2-47D6-AC2A-4C917BE0E585}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{C4716F60-640A-4E63-A82E-B6866FDCB09D}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{D89FEFD9-2901-47E3-AF38-4770790444B6}] => (Allow) LPort=5357
FirewallRules: [{E17CB984-1676-4D34-BACA-29A22420C977}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

15-09-2017 17:30:23 Scheduled Checkpoint
20-09-2017 16:09:32 Scheduled Checkpoint
30-09-2017 13:14:12 Scheduled Checkpoint
30-09-2017 15:02:26 Restore Operation
30-09-2017 17:53:43 Windows Update
01-10-2017 13:24:44 Scheduled Checkpoint
02-10-2017 06:12:40 Scheduled Checkpoint
02-10-2017 10:54:17 Device Driver Package Install: HP Printers
02-10-2017 10:55:11 Device Driver Package Install: Hewlett-Packard Imaging devices
02-10-2017 10:55:44 Device Driver Package Install: Hewlett-Packard Universal Serial Bus controllers
04-10-2017 15:55:18 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2017 01:57:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/04/2017 01:43:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/02/2017 10:48:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/02/2017 10:00:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/02/2017 09:56:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6001.18164 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1c4
Start Time: 01d33adbd67ac7f1
Termination Time: 0

Error: (10/01/2017 12:36:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 12:34:19 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80070005.

Error: (10/01/2017 12:22:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/01/2017 12:20:34 PM) (Source: MsiInstaller) (EventID: 11402) (User: Catria-PC)
Description: Product: AVG PC TuneUp -- Error 1402. Could not open key: HKEY_CURRENT_USER\Software\AVG\AWL.  System error 1018.  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (10/01/2017 12:15:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.


System errors:
=============
Error: (10/04/2017 01:56:28 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (10/04/2017 01:55:46 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (10/04/2017 01:53:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AVG Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/04/2017 01:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/04/2017 01:43:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/04/2017 01:42:39 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Error: (10/02/2017 10:00:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/02/2017 10:00:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (10/02/2017 09:59:44 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Kerberos for server side authentication.  The data field contains the error number.

Error: (10/01/2017 12:36:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2017-10-05 11:59:01.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:01.205
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-10-05 11:59:00.425
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 70%
Total physical RAM: 2009.63 MB
Available physical RAM: 590.09 MB
Total Virtual: 4260.56 MB
Available Virtual: 2105.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:134.36 GB) (Free:93.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.66 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:52 PM

Posted 05 October 2017 - 01:27 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
CHR NewTab: Default ->  Active:"chrome-extension://lmibdmeehggmjlpiafcbanaaecagcfmg/newtab/newtab.html"
R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 aswMBR; \??\C:\Users\Catria\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Catria\AppData\Local\Temp\aswVmm.sys [X]
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===
When all is well update the obsolete programs reported.

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • For your security I suggest you update all the old programs.
Note: If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
Note: The link to the most current version of the program will always be in the first post of this topic.
Note: Windows 10 may pop up a warning message.
Note: The current java version on XP will show as "out of date".
Note: Flash Player is pre-installed in Google Chrome and updates automatically!
Note: Flash Player is pre-installed in IE/Edge and updates automatically!
---

Please let me know what problem persists with this computer.

Edited by nasdaq, 06 October 2017 - 07:39 AM.


#4 nasdaq


Posted 06 October 2017 - 07:41 AM

Hi,

I have edited my previous post to include the instructions on how to restore your Firewall.

===

If you have any issues in following my instructions please let me know in this topic.
Do not create a new topic or send a Personal Message.

#5 alovelyladee

alovelyladee
  • Topic Starter


Posted 06 October 2017 - 02:24 PM

How do you run FRST?



#6 alovelyladee

alovelyladee
  • Topic Starter


Posted 06 October 2017 - 05:42 PM

Whenever I hit the Fix button, it tells me that I don't know what I'm doing & closes.



#7 nasdaq


Posted 07 October 2017 - 07:22 AM



Hi,

FRST is the Farbar Recovery Scan Tool (FRST)

It is located in and running from the Download folder.

C:\Users\Catria\Downloads

By now you should have created the fixlist.txt (My post no. 3)

Place the file in the Download folder. Run FRST and click the Run button.

Follow the rest of my instructions.

===

p.s.

If you get an error message please post the exact message for my review.

#8 nasdaq


Posted 13 October 2017 - 07:04 AM

Are you still with me?

#9 nasdaq


Posted 19 October 2017 - 07:27 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



