Hello Broni:
Thanks for your support. While I am waiting for our Dell Inspiron, Windows 7, Laptop's scans to complete, here are logs of my old laptop that I worked on since yesterday. I have used this offline, except on a couple of occasions. But, it is running a bit slow now. I would appreciate it if you could review these logs, too.
_______________
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by troubleshooter (administrator) on PC129202628113 (12-04-2017 12:36:13)
Running from C:\troubleshooter\spring17\security_sw
Loaded Profiles: troubleshooter (Available Profiles: Hamid Mirzad & Dorna & troubleshooter & Administrator & Guest)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\WINDOWS\vsnpstd2.exe
(Hewlett-Packard Company) C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HPQ\Shared\hpqwmi.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPLpr] => C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [102492 2005-02-02] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1015808 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [SNPSTD2] => C:\WINDOWS\vsnpstd2.exe [286720 2004-08-30] ()
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [794624 2005-04-01] (Hewlett-Packard Company)
HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [339968 2005-04-11] (ATI Technologies, Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [831576 2017-04-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11] (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon:
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-3770514664-2019765740-1449222041-1009\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Startup: C:\Documents and Settings\Dorna\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2006-05-23]
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe (No File)
Startup: C:\Documents and Settings\Hamid Mirzad\Start Menu\Programs\Startup\wkcalrem.LNK [2006-03-04]
ShortcutTarget: wkcalrem.LNK -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
BootExecute: autocheck autochk * ?????
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-02-22] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-02-22] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 22 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2016-02-22] (Avira Operations GmbH & Co. KG)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{66C89E5A-7395-438C-96E6-A39EDB29D439}: [DhcpNameServer] 10.0.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3770514664-2019765740-1449222041-1009\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3770514664-2019765740-1449222041-1009\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.yahoo.com/config/login_verify2?&.src=ym
HKU\S-1-5-21-3770514664-2019765740-1449222041-1009\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-25] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226710311859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2010-05-05] (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default [2017-04-12]
FF SelectedSearchEngine: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> Google
FF Homepage: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> hxxps://login.yahoo.com/config/login_verify2?&.src=ym
FF NetworkProxy: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> autoconfig_url", "http://dewey.smc.edu/wpad.dat"
FF NetworkProxy: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> http", "proxy2.smc.edu"
FF NetworkProxy: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> http_port", 80
FF NetworkProxy: C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default -> type", 4
FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\troubleshooter\Application Data\Mozilla\Firefox\Profiles\euyovg51.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-08-26] [not signed]
FF Extension: (No Name) - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008-11-29] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-22] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_241.dll [2014-08-25] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-25] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011-08-22] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2010-10-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npunagi2.dll [2005-08-09] (America Online, Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [970632 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [470600 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [470600 2017-04-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1253352 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R3 hpqwmi; C:\Program Files\HPQ\SHARED\HPQWMI.exe [98304 2005-03-04] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1355928 2010-09-05] (Lavasoft)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-02-22] () [File not signed]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [39424 2004-08-11] (Advanced Micro Devices)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2008-01-24] (Windows (R) 2000 DDK provider) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-08-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-08-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [55320 2005-01-18] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7432 2004-04-14] (Hewlett-Packard Company)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5220 2003-06-06] (Hewlett-Packard Company)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-06-21] (Lavasoft AB)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
S3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [347264 2004-12-16] ()
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-12 12:35 - 2017-04-12 12:36 - 00000000 ____D C:\FRST
2017-04-10 13:53 - 2007-01-11 19:10 - 00017408 _____ C:\Documents and Settings\Dorna\My Documents\Copy of WORK5.wps
2017-04-10 13:53 - 2006-08-17 21:02 - 06705134 _____ C:\Documents and Settings\Dorna\My Documents\Copy of LimeWireOSX.dmg
2017-04-10 11:16 - 2017-04-10 11:16 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-12 12:37 - 2010-10-03 11:02 - 00000000 ____D C:\Documents and Settings\troubleshooter\Local Settings\temp
2017-04-12 12:29 - 2008-11-09 21:42 - 00000000 ____D C:\troubleshooter
2017-04-12 11:48 - 2004-08-07 06:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-12 11:47 - 2010-04-20 21:19 - 00032582 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-12 11:46 - 2008-11-09 10:16 - 00000178 ___SH C:\Documents and Settings\troubleshooter\ntuser.ini
2017-04-12 11:46 - 2008-11-09 10:16 - 00000000 ____D C:\Documents and Settings\troubleshooter
2017-04-12 10:23 - 2004-08-07 06:16 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-10 16:29 - 2012-04-13 17:33 - 00242950 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-04-10 15:03 - 2009-04-13 19:39 - 00000000 ____D C:\Documents and Settings\troubleshooter\Application Data\Intuit
2017-04-10 15:03 - 2009-04-13 19:09 - 00000000 ____D C:\Program Files\TurboTax
2017-04-10 15:00 - 2005-10-06 10:09 - 00000000 ___RD C:\Documents and Settings\Hamid Mirzad\My Documents
2017-04-10 14:55 - 2010-10-03 11:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-04-10 13:55 - 2012-04-15 19:47 - 01466948 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3770514664-2019765740-1449222041-1009-0.dat
2017-04-10 13:53 - 2006-04-29 14:17 - 00000000 ___RD C:\Documents and Settings\Dorna\My Documents
2017-04-10 13:43 - 2008-11-10 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2017-04-10 11:42 - 2016-04-14 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2017-04-10 11:15 - 2016-04-14 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2017-04-10 10:36 - 2016-04-14 15:07 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2017-03-19 19:47 - 2004-08-07 06:10 - 00521160 ____C C:\WINDOWS\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2009-11-14 11:02 - 2009-11-14 11:02 - 0000000 _____ () C:\Documents and Settings\troubleshooter\Application Data\wklnhst.dat
2010-02-06 09:21 - 2010-02-06 09:21 - 0003584 _____ () C:\Documents and Settings\troubleshooter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-11-06 21:43 - 2006-11-06 21:56 - 0000780 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-04-13 16:52 - 2016-04-14 16:24 - 0001485 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2006-09-09 09:15 - 2010-09-05 16:20 - 0001759 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Some files in TEMP:
====================
2016-04-14 15:11 - 2016-04-14 15:11 - 0000000 ____D () C:\Documents and Settings\troubleshooter\Local Settings\temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [470600 2017-04-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1253352 2017-04-10] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R3 hpqwmi; C:\Program Files\HPQ\SHARED\HPQWMI.exe [98304 2005-03-04] (Hewlett-Packard Development Company, L.P.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1355928 2010-09-05] (Lavasoft)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2005-02-22] () [File not signed]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [39424 2004-08-11] (Advanced Micro Devices)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2008-01-24] (Windows (R) 2000 DDK provider) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [115600 2016-08-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [140272 2016-08-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2016-02-22] (Avira Operations GmbH & Co. KG)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1391104 2008-10-23] (Broadcom Corporation)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [55320 2005-01-18] (Broadcom Corporation.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eabfiltr; C:\WINDOWS\system32\drivers\EABFiltr.sys [7432 2004-04-14] (Hewlett-Packard Company)
S3 eabusb; C:\WINDOWS\system32\drivers\eabusb.sys [5220 2003-06-06] (Hewlett-Packard Company)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
R3 HSFHWATI; C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys [231424 2005-08-22] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [1035008 2005-08-22] (Conexant Systems, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64288 2010-06-21] (Lavasoft AB)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
S3 snpstd2; C:\WINDOWS\System32\DRIVERS\snpstd2.sys [347264 2004-12-16] ()
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 Winsock - Google Desktop Search Backup Before First Install; no ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-12 12:35 - 2017-04-12 12:36 - 00000000 ____D C:\FRST
2017-04-10 13:53 - 2007-01-11 19:10 - 00017408 _____ C:\Documents and Settings\Dorna\My Documents\Copy of WORK5.wps
2017-04-10 13:53 - 2006-08-17 21:02 - 06705134 _____ C:\Documents and Settings\Dorna\My Documents\Copy of LimeWireOSX.dmg
2017-04-10 11:16 - 2017-04-10 11:16 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-12 12:37 - 2010-10-03 11:02 - 00000000 ____D C:\Documents and Settings\troubleshooter\Local Settings\temp
2017-04-12 12:29 - 2008-11-09 21:42 - 00000000 ____D C:\troubleshooter
2017-04-12 11:48 - 2004-08-07 06:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-12 11:47 - 2010-04-20 21:19 - 00032582 _____ C:\WINDOWS\SchedLgU.Txt
2017-04-12 11:46 - 2008-11-09 10:16 - 00000178 ___SH C:\Documents and Settings\troubleshooter\ntuser.ini
2017-04-12 11:46 - 2008-11-09 10:16 - 00000000 ____D C:\Documents and Settings\troubleshooter
2017-04-12 10:23 - 2004-08-07 06:16 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2017-04-10 16:29 - 2012-04-13 17:33 - 00242950 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2017-04-10 15:03 - 2009-04-13 19:39 - 00000000 ____D C:\Documents and Settings\troubleshooter\Application Data\Intuit
2017-04-10 15:03 - 2009-04-13 19:09 - 00000000 ____D C:\Program Files\TurboTax
2017-04-10 15:00 - 2005-10-06 10:09 - 00000000 ___RD C:\Documents and Settings\Hamid Mirzad\My Documents
2017-04-10 14:55 - 2010-10-03 11:02 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2017-04-10 13:55 - 2012-04-15 19:47 - 01466948 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3770514664-2019765740-1449222041-1009-0.dat
2017-04-10 13:53 - 2006-04-29 14:17 - 00000000 ___RD C:\Documents and Settings\Dorna\My Documents
2017-04-10 13:43 - 2008-11-10 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2017-04-10 11:42 - 2016-04-14 15:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2017-04-10 11:15 - 2016-04-14 15:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2017-04-10 10:36 - 2016-04-14 15:07 - 00018760 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2017-03-19 19:47 - 2004-08-07 06:10 - 00521160 ____C C:\WINDOWS\system32\PerfStringBackup.INI
==================== Files in the root of some directories =======
2009-11-14 11:02 - 2009-11-14 11:02 - 0000000 _____ () C:\Documents and Settings\troubleshooter\Application Data\wklnhst.dat
2010-02-06 09:21 - 2010-02-06 09:21 - 0003584 _____ () C:\Documents and Settings\troubleshooter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-11-06 21:43 - 2006-11-06 21:56 - 0000780 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2012-04-13 16:52 - 2016-04-14 16:24 - 0001485 _____ () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
2006-09-09 09:15 - 2010-09-05 16:20 - 0001759 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Some files in TEMP:
====================
2016-04-14 15:11 - 2016-04-14 15:11 - 0000000 ____D () C:\Documents and Settings\troubleshooter\Local Settings\temp\avgnt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================