I read your resolutions with others and got rid of the expired Symantec Corporate and installed Avast Internet Security, but this Indexer.exe is still showing up under Zone Alarm Pro trying to access the internet (which I deny), and I am finding multiple Indexer.exe running in Task Manager processes. I "end process" them, but I find them back the next day. I have run the 32-bit Farbar and the text is below.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
Ran by Owner (administrator) on NO-COMP-NM (12-09-2015 00:40:14)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ZoneAlarm Client] => C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [919016 2007-11-14] (Zone Labs, LLC)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-09-07] (AVAST Software)
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [SwanSoft CNC: FANUC 0i T] => Regsvr32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\SwanSoft CNC: FANUC 0i T\kuwmexng.dll"
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-07-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
Tcpip\..\Interfaces\{B835AF2C-F877-4355-AB86-25CF29ED734D}: [DhcpNameServer] 192.168.1.1 71.243.0.12
Internet Explorer:
==================
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-20] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-117609710-602162358-1177238915-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331722979203
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\searchplugins\java-api.xml [2014-07-02]
FF Extension: Low Quality Flash - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\low_quality_flash@pie2k.com [2015-05-29]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-07]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-04]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-24]
FF Extension: Video Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\yiddxjamun@yiddxjamun.org.xpi [2004-08-03]
FF Extension: YouTube High Definition - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-09]
FF HKLM\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn10.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [89192 2012-10-06] (Dassault Systèmes SolidWorks Corp.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-09] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-20] (Oracle Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-12-09] (SolidWorks) [File not signed]
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2007-11-14] (Zone Labs, LLC)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [256160 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
R3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 ICDUSB2; C:\WINDOWS\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-03-09] (Sonic Solutions) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2011-06-14] (Zone Labs, LLC)
R1 vcdrom; C:\Temp\Win Virtual CDROM\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 cpuz136; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 00:36 - 2015-09-12 00:40 - 00000000 ____D C:\FRST
2015-09-11 20:33 - 2015-09-11 20:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-09-07 20:24 - 2015-09-07 20:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2015-09-07 20:23 - 2015-09-07 20:23 - 00001749 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 20:22 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-09-07 20:21 - 2015-09-07 20:22 - 00010067 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-07 20:21 - 2015-09-07 20:22 - 00000000 ____D C:\WINDOWS\LastGood
2015-09-07 20:21 - 2015-09-07 20:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-09-07 20:19 - 2015-09-11 20:19 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 20:17 - 2015-09-07 20:17 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 20:17 - 2015-09-07 20:17 - 00256160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 20:17 - 2015-09-07 20:17 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-09-07 20:15 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 20:12 - 2015-09-07 20:12 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ipjpydmj.sys
2015-09-07 18:23 - 2015-09-07 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-09-07 18:20 - 2015-07-28 19:29 - 214939448 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_internet_security_setup.exe
2015-09-07 16:08 - 2015-04-13 20:52 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
2015-09-01 20:42 - 2015-09-01 20:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-31 21:30 - 2015-08-31 21:30 - 00000000 ____D C:\Program Files\Common Files\Nero
2015-08-31 21:26 - 2015-08-31 21:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HTC MediaHub
2015-08-31 21:17 - 2015-08-31 21:17 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2015-08-31 20:56 - 2015-08-31 21:23 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-08-31 19:54 - 2015-08-31 21:24 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox(2)
2015-08-31 19:50 - 2015-09-11 23:55 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job
2015-08-31 19:50 - 2015-09-11 19:55 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-08-31 06:25 - 2015-08-31 06:31 - 00000005 _____ C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 00:40 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-09-12 00:19 - 2011-06-13 11:27 - 00761922 _____ C:\WINDOWS\setupapi.log
2015-09-11 22:19 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2015-09-11 08:55 - 2011-06-14 05:41 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-08 15:00 - 2014-10-15 06:35 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-07 20:22 - 2011-06-13 11:30 - 00900350 _____ C:\WINDOWS\FaxSetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00463501 _____ C:\WINDOWS\ocgen.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00354973 _____ C:\WINDOWS\tsoc.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00310463 _____ C:\WINDOWS\comsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00189078 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00140515 _____ C:\WINDOWS\iis6.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00050789 _____ C:\WINDOWS\ocmsn.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00046078 _____ C:\WINDOWS\msgsocm.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00001355 _____ C:\WINDOWS\imsins.log
2015-09-07 20:08 - 2011-06-13 21:39 - 01093905 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 20:07 - 2014-10-15 06:35 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-07 20:07 - 2011-06-14 07:25 - 00352185 _____ C:\WINDOWS\system32\vsconfig.xml
2015-09-07 20:07 - 2011-06-14 07:25 - 00004212 ____H C:\WINDOWS\system32\zllictbl.dat
2015-09-07 20:07 - 2011-06-13 11:32 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-07 20:07 - 2011-06-13 11:32 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-07 20:06 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-09-07 20:06 - 2011-06-14 05:41 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-09-07 20:06 - 2011-06-14 05:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2015-09-07 19:36 - 2012-11-11 17:40 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-07 19:36 - 2006-01-05 05:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 19:35 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner
2015-09-07 15:07 - 2011-06-13 11:26 - 00172590 _____ C:\WINDOWS\setupact.log
2015-09-05 12:53 - 2014-05-25 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\pool pool
2015-09-01 20:43 - 2015-01-12 22:14 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 20:43 - 2011-06-14 08:02 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-01 20:36 - 2014-03-30 18:09 - 00000000 ____D C:\Program Files\Paragon Software
2015-09-01 20:21 - 2015-01-17 20:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-08-31 22:12 - 2015-01-17 20:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-08-31 21:45 - 2011-06-13 11:26 - 00296456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-31 21:45 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-31 21:42 - 2011-06-14 05:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-31 21:42 - 2011-06-13 21:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-31 21:41 - 2011-06-13 21:38 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 21:30 - 2015-02-01 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HTC
2015-08-31 21:26 - 2015-02-01 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HTC
2015-08-31 21:26 - 2015-02-01 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HTC
2015-08-30 22:15 - 2015-03-21 12:55 - 00000000 ____D C:\Documents and Settings\Owner\.freemind
2015-08-30 21:12 - 2015-03-21 13:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Free Mind_______
==================== Files in the root of some directories =======
2014-02-17 20:58 - 2014-02-17 20:58 - 0000138 _____ () C:\Documents and Settings\Owner\Application Data\wpstate.ini
2012-03-10 19:29 - 2015-06-07 20:17 - 0049664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\mdi064.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
Ran by Owner (2015-09-12 00:41:25)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-06-14 05:42:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-117609710-602162358-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-117609710-602162358-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-602162358-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-117609710-602162358-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-117609710-602162358-1177238915-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 8 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (Version: 1.1.0.0 - Minitab, Inc.) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.56.1043 - Webteh, d.o.o.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DWGeditor (Version: 18.21.12 - SolidWorks) Hidden
EaseUS Partition Master 9.3.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Hetman Partition Recovery 2.1 (HKLM\...\Hetman Partition Recovery) (Version: - )
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Mavis Beacon Teaches Typing 9.0.0 (HKLM\...\MavisBeacon9) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM\...\Minitab16) (Version: 16.1.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (Version: 16.1.1.0 - Minitab Inc) Hidden
Minitab16 (Version: 16.1.1.0 - Minitab, Inc.) Hidden
Minitab16 (Version: 16.1.1.1 - Minitab Inc) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPLAB Tools v8.70 (HKLM\...\InstallShield_{04BCCDE5-83FF-4507-A0DF-8DA962DC1712}) (Version: 8.70 - Microchip Technology Inc.)
MPLAB Tools v8.70 (Version: 8.70 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paragon Partition Manager™ 12 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoView 360 (Version: 18.21.12 - SolidWorks Corporation) Hidden
ProjectLibre (HKLM\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Quicken WillMaker Plus 2013 (HKLM\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
Quiknowledge (HKLM\...\Quiknowledge) (Version: 1.9.0.3 - Quiknowledge) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6316 - Realtek Semiconductor Corp.)
SoftwareManager (Version: 1.1.0.0 - Minitab, Inc.) Hidden
SolidWorks 2010 SP02.1 (HKLM\...\SolidWorks Installation Manager 20100-40201-1100-200) (Version: 18.2.1.12 - SolidWorks Corporation)
SolidWorks 2010 SP02.1 (Version: 18.121.12 - SolidWorks) Hidden
SolidWorks 2012 SP05 (HKLM\...\SolidWorks Installation Manager 20120-40500-1100-200) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.2.122 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP05 (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2012 SP05 (Version: 20.50.80 - SolidWorks Corporation) Hidden
Sony Digital Voice Editor 3 (HKLM\...\Sony Digital Voice Editor 3) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
The QI Macros for Excel (HKLM\...\The QI Macros for Excel) (Version: Excel 2000-2010 - KnowWare International Inc)
TLP LogixPro Simulator (HKLM\...\LogixPro PLC Simulator_is1) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\WinDirStat) (Version: - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 10.0 (6698) - WinZip Computing LP)
XMind 2013 (v3.4.1) (HKLM\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
ZoneAlarm Pro (HKLM\...\ZoneAlarm Pro) (Version: 7.0.462.000 - Check Point, Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{08561A80-72D2-7B13-980E-CB624AB9A0BC}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
==================== Restore Points =========================
01-08-2015 19:59:21 System Checkpoint
02-08-2015 20:33:45 System Checkpoint
03-08-2015 22:15:57 System Checkpoint
04-08-2015 22:46:58 System Checkpoint
05-08-2015 23:03:08 System Checkpoint
06-08-2015 23:06:36 System Checkpoint
07-08-2015 23:10:12 System Checkpoint
09-08-2015 00:09:04 System Checkpoint
10-08-2015 00:14:46 System Checkpoint
11-08-2015 01:14:50 System Checkpoint
12-08-2015 02:09:15 System Checkpoint
13-08-2015 03:07:52 System Checkpoint
14-08-2015 04:06:31 System Checkpoint
15-08-2015 04:10:46 System Checkpoint
16-08-2015 04:18:58 System Checkpoint
17-08-2015 04:25:42 System Checkpoint
18-08-2015 05:20:12 System Checkpoint
19-08-2015 06:20:13 System Checkpoint
20-08-2015 07:20:09 System Checkpoint
21-08-2015 08:20:13 System Checkpoint
22-08-2015 09:20:10 System Checkpoint
23-08-2015 10:20:13 System Checkpoint
24-08-2015 11:20:09 System Checkpoint
25-08-2015 12:20:09 System Checkpoint
26-08-2015 13:20:09 System Checkpoint
27-08-2015 14:20:09 System Checkpoint
28-08-2015 15:20:09 System Checkpoint
29-08-2015 16:20:09 System Checkpoint
30-08-2015 17:20:11 System Checkpoint
31-08-2015 06:31:22 Removed HTC Sync Manager.
31-08-2015 21:21:15 Restore Operation
02-09-2015 00:26:10 System Checkpoint
03-09-2015 01:16:56 System Checkpoint
04-09-2015 02:10:06 System Checkpoint
05-09-2015 03:05:24 System Checkpoint
06-09-2015 03:58:05 System Checkpoint
07-09-2015 04:00:29 System Checkpoint
07-09-2015 19:34:38 Removed Symantec Endpoint Protection.
07-09-2015 19:53:09 Removed Symantec Endpoint Protection.
07-09-2015 20:15:48 avast! antivirus system restore point
07-09-2015 20:22:05 Installed Windows XP Wdf01009.
08-09-2015 21:17:15 System Checkpoint
09-09-2015 22:15:54 System Checkpoint
10-09-2015 23:14:36 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-03 21:00 - 2004-08-03 21:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Minitab Software Update Manager.job => C:\Program Files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe
==================== Loaded Modules (Whitelisted) ==============
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00046576 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd
2011-06-14 07:25 - 2007-11-14 15:04 - 00796048 _____ () C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-14 07:25 - 2007-11-14 15:06 - 00194032 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
2015-09-07 20:17 - 2015-09-07 20:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-07 20:18 - 2015-09-07 20:18 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072800\algo.dll
2015-09-11 18:27 - 2015-09-11 18:27 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091109\algo.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf:com.dropbox.attributes
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1 - 71.243.0.12
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:HASP LLM
StandardProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2015 08:31:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (09/07/2015 07:56:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: errorFailed unregistering service.
Error: (09/07/2015 07:52:53 PM) (Source: Symantec AntiVirus) (EventID: 14) (User: )
Description: Symantec Endpoint Protection services failed to start. (2000005F)Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0011&build=symantec_ent
Error: (09/07/2015 07:51:40 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.
Error: (09/07/2015 07:34:38 PM) (Source: MsiInstaller) (EventID: 11719) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
Error: (09/07/2015 07:33:09 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:56 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:55 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
System errors:
=============
Error: (09/11/2015 03:00:49 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/11/2015 02:00:25 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/11/2015 01:00:08 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 11:59:48 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 10:24:34 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 08:47:57 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 06:47:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 05:36:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 04:00:20 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 01:59:55 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 2045.98 MB
Available physical RAM: 1315.05 MB
Total Virtual: 3942.64 MB
Available Virtual: 3169.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:76.68 GB) (Free:14.62 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (BIG_BACKUP) (Fixed) (Total:37.25 GB) (Free:37.07 GB) FAT32 ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: ED00ED00)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 60E154B1)
Partition 1: (Active) - (Size=37.3 GB) - (Type=0C)
==================== End of Addition.txt ============================
I have downloaded all the tools you noted in previous posts but only ran Farbar so far. Your assistance is appreciated. This is XP SP3 on a Dell 3000 tower but I can see that everything is exposed from running Farbar.
End first post 9-12-2015 1am
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-09-2015 01
Ran by Owner (administrator) on NO-COMP-NM (12-09-2015 00:40:14)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Zone Labs, LLC) C:\WINDOWS\system32\ZoneLabs\vsmon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Zone Labs, LLC) C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flexera Software, Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152 2006-10-22] (Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ZoneAlarm Client] => C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [919016 2007-11-14] (Zone Labs, LLC)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-09-07] (AVAST Software)
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [SwanSoft CNC: FANUC 0i T] => Regsvr32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\SwanSoft CNC: FANUC 0i T\kuwmexng.dll"
HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\Run: [tsiVideo] => rundll32.exe C:\DOCUME~1\Owner\LOCALS~1\Temp\\mdi064.dll,asdasd <===== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-07] (AVAST Software)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-07-15]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
Tcpip\..\Interfaces\{B835AF2C-F877-4355-AB86-25CF29ED734D}: [DhcpNameServer] 192.168.1.1 71.243.0.12
Internet Explorer:
==================
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-07] (AVAST Software)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-20] (Oracle Corporation)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-117609710-602162358-1177238915-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1331722979203
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll [2015-01-31] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\searchplugins\java-api.xml [2014-07-02]
FF Extension: Low Quality Flash - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\low_quality_flash@pie2k.com [2015-05-29]
FF Extension: WOT - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-07]
FF Extension: YouTube Flash Video Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898} [2015-09-04]
FF Extension: YouTube™ Flash® Player - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-01-24]
FF Extension: Video Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\yiddxjamun@yiddxjamun.org.xpi [2004-08-03]
FF Extension: YouTube High Definition - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mqcn8t6w.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-12-09]
FF HKLM\...\Firefox\Extensions: [quiknowledge@quiknowledge.com] - C:\Program Files\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-07]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-07]
CHR HKLM\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files\TornTV.com\torn10.crx <not found>
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-07] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [89192 2012-10-06] (Dassault Systèmes SolidWorks Corp.)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-12-09] (Flexera Software, Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICDSPTSV; C:\WINDOWS\system32\IcdSptSv.exe [69632 2003-04-01] (Sony Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-20] (Oracle Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-12-09] (SolidWorks) [File not signed]
R2 vsmon; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [75304 2007-11-14] (Zone Labs, LLC)
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-09-07] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [26096 2015-09-07] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-09-07] (AVAST Software)
R0 aswNdis; C:\WINDOWS\System32\DRIVERS\aswNdis.sys [12112 2015-09-07] (ALWIL Software)
R0 aswNdis2; C:\WINDOWS\system32\Drivers\aswNdis2.sys [256160 2015-09-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-09-07] (AVAST Software)
S0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-09-07] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [788784 2015-09-07] (AVAST Software)
S1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [433264 2015-09-07] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [161472 2015-09-07] (AVAST Software)
R3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-09-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-09-07] (AVAST Software)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
S3 ICDUSB2; C:\WINDOWS\System32\Drivers\ICDUSB2.sys [39048 2002-11-28] (Sony Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2006-03-09] (Sonic Solutions) [File not signed]
R0 srescan; C:\WINDOWS\System32\ZoneLabs\srescan.sys [51176 2011-06-14] (Zone Labs, LLC)
R1 vcdrom; C:\Temp\Win Virtual CDROM\VCdRom.sys [8576 2001-12-19] (Microsoft Corporation) [File not signed]
R1 vsdatant; C:\WINDOWS\System32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)
S3 cpuz136; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 00:36 - 2015-09-12 00:40 - 00000000 ____D C:\FRST
2015-09-11 20:33 - 2015-09-11 20:33 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
2015-09-07 20:24 - 2015-09-07 20:24 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\AVAST Software
2015-09-07 20:23 - 2015-09-07 20:23 - 00001749 _____ C:\Documents and Settings\All Users\Desktop\Avast SafeZone.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Internet Security.lnk
2015-09-07 20:23 - 2015-09-07 20:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-09-07 20:22 - 2008-11-07 18:55 - 00016928 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-09-07 20:21 - 2015-09-07 20:22 - 00010067 _____ C:\WINDOWS\Wdf01009Inst.log
2015-09-07 20:21 - 2015-09-07 20:22 - 00000000 ____D C:\WINDOWS\LastGood
2015-09-07 20:21 - 2015-09-07 20:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
2015-09-07 20:19 - 2015-09-11 20:19 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-09-07 20:17 - 2015-09-07 20:17 - 00788784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00313472 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-07 20:17 - 2015-09-07 20:17 - 00256160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdis2.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00208664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00161472 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStmXP.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00076000 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00057888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00055200 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00049776 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-07 20:17 - 2015-09-07 20:17 - 00026096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00024016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-07 20:17 - 2015-09-07 20:17 - 00012112 _____ (ALWIL Software) C:\WINDOWS\system32\Drivers\aswNdis.sys
2015-09-07 20:15 - 2015-09-07 20:15 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-07 20:12 - 2015-09-07 20:12 - 00433264 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ipjpydmj.sys
2015-09-07 18:23 - 2015-09-07 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-09-07 18:20 - 2015-07-28 19:29 - 214939448 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_internet_security_setup.exe
2015-09-07 16:08 - 2015-04-13 20:52 - 00050688 _____ (Atribune.org) C:\Documents and Settings\Owner\Desktop\ATF-Cleaner.exe
2015-09-01 20:42 - 2015-09-01 20:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-31 21:30 - 2015-08-31 21:30 - 00000000 ____D C:\Program Files\Common Files\Nero
2015-08-31 21:26 - 2015-08-31 21:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HTC MediaHub
2015-08-31 21:17 - 2015-08-31 21:17 - 00000000 ____D C:\Documents and Settings\Administrator\IETldCache
2015-08-31 20:56 - 2015-08-31 21:23 - 00000000 ___SD C:\Documents and Settings\Administrator
2015-08-31 19:54 - 2015-08-31 21:24 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Dropbox(2)
2015-08-31 19:50 - 2015-09-11 23:55 - 00000988 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job
2015-08-31 19:50 - 2015-09-11 19:55 - 00000936 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Dropbox
2015-08-31 06:25 - 2015-08-31 06:31 - 00000005 _____ C:\WINDOWS\system32\lMMLDeleteUserData42107612FX.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-12 00:40 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-09-12 00:19 - 2011-06-13 11:27 - 00761922 _____ C:\WINDOWS\setupapi.log
2015-09-11 22:19 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2015-09-11 08:55 - 2011-06-14 05:41 - 00032626 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-08 15:00 - 2014-10-15 06:35 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-07 20:22 - 2011-06-13 11:30 - 00900350 _____ C:\WINDOWS\FaxSetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00463501 _____ C:\WINDOWS\ocgen.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00354973 _____ C:\WINDOWS\tsoc.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00310463 _____ C:\WINDOWS\comsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00189078 _____ C:\WINDOWS\ntdtcsetup.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00140515 _____ C:\WINDOWS\iis6.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00050789 _____ C:\WINDOWS\ocmsn.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00046078 _____ C:\WINDOWS\msgsocm.log
2015-09-07 20:22 - 2011-06-13 11:30 - 00001355 _____ C:\WINDOWS\imsins.log
2015-09-07 20:08 - 2011-06-13 21:39 - 01093905 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-07 20:07 - 2014-10-15 06:35 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-09-07 20:07 - 2011-06-14 07:25 - 00352185 _____ C:\WINDOWS\system32\vsconfig.xml
2015-09-07 20:07 - 2011-06-14 07:25 - 00004212 ____H C:\WINDOWS\system32\zllictbl.dat
2015-09-07 20:07 - 2011-06-13 11:32 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-07 20:07 - 2011-06-13 11:32 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-09-07 20:06 - 2013-04-18 22:19 - 00000216 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-09-07 20:06 - 2011-06-14 05:41 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-09-07 20:06 - 2011-06-14 05:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-07 19:56 - 2011-06-14 07:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Symantec
2015-09-07 19:36 - 2012-11-11 17:40 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-09-07 19:36 - 2006-01-05 05:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-07 19:35 - 2011-06-14 05:41 - 00000000 ____D C:\Documents and Settings\Owner
2015-09-07 15:07 - 2011-06-13 11:26 - 00172590 _____ C:\WINDOWS\setupact.log
2015-09-05 12:53 - 2014-05-25 13:35 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\pool pool
2015-09-01 20:43 - 2015-01-12 22:14 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-01 20:43 - 2011-06-14 08:02 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-01 20:36 - 2014-03-30 18:09 - 00000000 ____D C:\Program Files\Paragon Software
2015-09-01 20:21 - 2015-01-17 20:31 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Dropbox
2015-08-31 22:12 - 2015-01-17 20:37 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\Dropbox
2015-08-31 21:45 - 2011-06-13 11:26 - 00296456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-31 21:45 - 2004-08-03 21:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-31 21:42 - 2011-06-14 05:41 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-08-31 21:42 - 2011-06-13 21:43 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-08-31 21:41 - 2011-06-13 21:38 - 00000000 ____D C:\WINDOWS\Registration
2015-08-31 21:30 - 2015-02-01 18:01 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HTC
2015-08-31 21:26 - 2015-02-01 18:13 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\HTC
2015-08-31 21:26 - 2015-02-01 18:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HTC
2015-08-30 22:15 - 2015-03-21 12:55 - 00000000 ____D C:\Documents and Settings\Owner\.freemind
2015-08-30 21:12 - 2015-03-21 13:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Free Mind_______
==================== Files in the root of some directories =======
2014-02-17 20:58 - 2014-02-17 20:58 - 0000138 _____ () C:\Documents and Settings\Owner\Application Data\wpstate.ini
2012-03-10 19:29 - 2015-06-07 20:17 - 0049664 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\mdi064.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-09-2015 01
Ran by Owner (2015-09-12 00:41:25)
Running from C:\Documents and Settings\Owner\My Documents\Downloads\TechSpot tools 9-2015\Farbar First 32 bit\FRST-OlderVersion
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2011-06-14 05:42:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-117609710-602162358-1177238915-500 - Administrator - Enabled)
Guest (S-1-5-21-117609710-602162358-1177238915-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-602162358-1177238915-1000 - Limited - Disabled)
Owner (S-1-5-21-117609710-602162358-1177238915-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-117609710-602162358-1177238915-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Pro Firewall (Disabled) {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 8 Professional (HKLM\...\Adobe Acrobat 8 Professional) (Version: 8.0.0 - Adobe Systems)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arduino (HKLM\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Internet Security (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bootstrapper (Version: 1.1.0.0 - Minitab, Inc.) Hidden
BS.Player PRO (HKLM\...\BSPlayerp) (Version: 2.56.1043 - Webteh, d.o.o.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DWGeditor (Version: 18.21.12 - SolidWorks) Hidden
EaseUS Partition Master 9.3.0 (HKLM\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Flash Movie Player 1.5 (HKLM\...\Flash Movie Player) (Version: 1.5 - Eolsoft)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Hetman Partition Recovery 2.1 (HKLM\...\Hetman Partition Recovery) (Version: - )
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Mavis Beacon Teaches Typing 9.0.0 (HKLM\...\MavisBeacon9) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPRO) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM\...\Minitab16) (Version: 16.1.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM\...\MinitabSoftwareManager) (Version: 1.1.0.0 - Minitab, Inc.)
Minitab16 (Version: 16.1.1.0 - Minitab Inc) Hidden
Minitab16 (Version: 16.1.1.0 - Minitab, Inc.) Hidden
Minitab16 (Version: 16.1.1.1 - Minitab Inc) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MPLAB Tools v8.70 (HKLM\...\InstallShield_{04BCCDE5-83FF-4507-A0DF-8DA962DC1712}) (Version: 8.70 - Microchip Technology Inc.)
MPLAB Tools v8.70 (Version: 8.70 - Microchip Technology Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paragon Partition Manager™ 12 Professional (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoView 360 (Version: 18.21.12 - SolidWorks Corporation) Hidden
ProjectLibre (HKLM\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
Quicken WillMaker Plus 2013 (HKLM\...\{8065044B-2AF3-434E-A6E2-B7C60CDB978B}) (Version: 1.0.0.0 - Nolo)
Quiknowledge (HKLM\...\Quiknowledge) (Version: 1.9.0.3 - Quiknowledge) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6316 - Realtek Semiconductor Corp.)
SoftwareManager (Version: 1.1.0.0 - Minitab, Inc.) Hidden
SolidWorks 2010 SP02.1 (HKLM\...\SolidWorks Installation Manager 20100-40201-1100-200) (Version: 18.2.1.12 - SolidWorks Corporation)
SolidWorks 2010 SP02.1 (Version: 18.121.12 - SolidWorks) Hidden
SolidWorks 2012 SP05 (HKLM\...\SolidWorks Installation Manager 20120-40500-1100-200) (Version: 20.5.0.80 - SolidWorks Corporation)
SolidWorks 2012 SP05 (Version: 20.150.80 - SolidWorks) Hidden
SolidWorks eDrawings 2010 (Version: 10.2.122 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks eDrawings 2012 SP05 (Version: 12.5.114 - Dassault Systèmes SolidWorks Corp.) Hidden
SolidWorks Explorer 2012 SP05 (Version: 20.50.80 - SolidWorks Corporation) Hidden
Sony Digital Voice Editor 3 (HKLM\...\Sony Digital Voice Editor 3) (Version: - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
The QI Macros for Excel (HKLM\...\The QI Macros for Excel) (Version: Excel 2000-2010 - KnowWare International Inc)
TLP LogixPro Simulator (HKLM\...\LogixPro PLC Simulator_is1) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-117609710-602162358-1177238915-1003\...\WinDirStat) (Version: - )
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 10.0 (6698) - WinZip Computing LP)
XMind 2013 (v3.4.1) (HKLM\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
ZoneAlarm Pro (HKLM\...\ZoneAlarm Pro) (Version: 7.0.462.000 - Check Point, Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{08561A80-72D2-7B13-980E-CB624AB9A0BC}\InprocServer32 -> C:\WINDOWS\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-117609710-602162358-1177238915-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
==================== Restore Points =========================
01-08-2015 19:59:21 System Checkpoint
02-08-2015 20:33:45 System Checkpoint
03-08-2015 22:15:57 System Checkpoint
04-08-2015 22:46:58 System Checkpoint
05-08-2015 23:03:08 System Checkpoint
06-08-2015 23:06:36 System Checkpoint
07-08-2015 23:10:12 System Checkpoint
09-08-2015 00:09:04 System Checkpoint
10-08-2015 00:14:46 System Checkpoint
11-08-2015 01:14:50 System Checkpoint
12-08-2015 02:09:15 System Checkpoint
13-08-2015 03:07:52 System Checkpoint
14-08-2015 04:06:31 System Checkpoint
15-08-2015 04:10:46 System Checkpoint
16-08-2015 04:18:58 System Checkpoint
17-08-2015 04:25:42 System Checkpoint
18-08-2015 05:20:12 System Checkpoint
19-08-2015 06:20:13 System Checkpoint
20-08-2015 07:20:09 System Checkpoint
21-08-2015 08:20:13 System Checkpoint
22-08-2015 09:20:10 System Checkpoint
23-08-2015 10:20:13 System Checkpoint
24-08-2015 11:20:09 System Checkpoint
25-08-2015 12:20:09 System Checkpoint
26-08-2015 13:20:09 System Checkpoint
27-08-2015 14:20:09 System Checkpoint
28-08-2015 15:20:09 System Checkpoint
29-08-2015 16:20:09 System Checkpoint
30-08-2015 17:20:11 System Checkpoint
31-08-2015 06:31:22 Removed HTC Sync Manager.
31-08-2015 21:21:15 Restore Operation
02-09-2015 00:26:10 System Checkpoint
03-09-2015 01:16:56 System Checkpoint
04-09-2015 02:10:06 System Checkpoint
05-09-2015 03:05:24 System Checkpoint
06-09-2015 03:58:05 System Checkpoint
07-09-2015 04:00:29 System Checkpoint
07-09-2015 19:34:38 Removed Symantec Endpoint Protection.
07-09-2015 19:53:09 Removed Symantec Endpoint Protection.
07-09-2015 20:15:48 avast! antivirus system restore point
07-09-2015 20:22:05 Installed Windows XP Wdf01009.
08-09-2015 21:17:15 System Checkpoint
09-09-2015 22:15:54 System Checkpoint
10-09-2015 23:14:36 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-03 21:00 - 2004-08-03 21:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-117609710-602162358-1177238915-1003UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Minitab Software Update Manager.job => C:\Program Files\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe
==================== Loaded Modules (Whitelisted) ==============
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00026096 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00046576 _____ () C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd
2011-06-14 07:25 - 2007-11-14 15:04 - 00796048 _____ () C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-18 15:25 - 2014-12-18 15:25 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:26 - 2014-12-18 15:26 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-14 07:25 - 2007-11-14 15:06 - 00194032 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
2011-06-14 07:25 - 2007-11-14 15:06 - 00144880 _____ () C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
2015-09-07 20:17 - 2015-09-07 20:17 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-07 20:18 - 2015-09-07 20:18 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15072800\algo.dll
2015-09-11 18:27 - 2015-09-11 18:27 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091109\algo.dll
2015-09-07 20:17 - 2015-09-07 20:17 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\Owner\Desktop\Bible Chapter Titles.pdf:com.dropbox.attributes
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-117609710-602162358-1177238915-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 192.168.1.1 - 71.243.0.12
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
DomainProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE] => Enabled:Microsoft SharePoint Workspace
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\hasplms.exe] => Enabled:HASP LLM
StandardProfile\AuthorizedApplications: [C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe] => Enabled:HTCSyncManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/07/2015 08:31:56 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Error: (09/07/2015 07:56:27 PM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: NT AUTHORITY)
Description: errorFailed unregistering service.
Error: (09/07/2015 07:52:53 PM) (Source: Symantec AntiVirus) (EventID: 14) (User: )
Description: Symantec Endpoint Protection services failed to start. (2000005F)Application has encountered an error.
For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0011&build=symantec_ent
Error: (09/07/2015 07:51:40 PM) (Source: SescLU) (EventID: 13) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.
Error: (09/07/2015 07:34:38 PM) (Source: MsiInstaller) (EventID: 11719) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1719.Windows Installer service could not be accessed. Contact your support personnel to verify that it is properly registered and enabled.
Error: (09/07/2015 07:33:09 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:56 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:55 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
Error: (09/07/2015 07:31:54 PM) (Source: MsiInstaller) (EventID: 11500) (User: NO-COMP-NM)
Description: Product: Symantec Endpoint Protection -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.
System errors:
=============
Error: (09/11/2015 03:00:49 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/11/2015 02:00:25 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/11/2015 01:00:08 AM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 11:59:48 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 10:24:34 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 08:47:57 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 06:47:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 05:36:33 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 04:00:20 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Error: (09/10/2015 01:59:55 PM) (Source: 0) (EventID: 8003) (User: )
Description: \Device\LanmanDatagramReceiver2CELESTENetBT_Tcpip_{B835AF2C-F877-4355-
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 35%
Total physical RAM: 2045.98 MB
Available physical RAM: 1315.05 MB
Total Virtual: 3942.64 MB
Available Virtual: 3169.35 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:76.68 GB) (Free:14.62 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (BIG_BACKUP) (Fixed) (Total:37.25 GB) (Free:37.07 GB) FAT32 ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: ED00ED00)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 37.3 GB) (Disk ID: 60E154B1)
Partition 1: (Active) - (Size=37.3 GB) - (Type=0C)
==================== End of Addition.txt ============================
I have downloaded all the tools you noted in previous posts, but only ran Farbar so far. Your assistance is appreciated. This is XP SP3 on a Dell 3000 tower, but I can see that everything is exposed from running Farbar. End first post 9-12-2015 1am