Nasdaq, FRST successfully created both logs this time. I don't know if there is a reason for this, but the computer seems to be running a bit better. Would that fix you had me do have something to do with it? Here's the Addition log.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by Owner (23-09-2016 11:22:04)
Running from C:\Documents and Settings\Owner\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2010-01-22 17:51:37)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1192153782-1980124124-3360170330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1192153782-1980124124-3360170330-1004 - Limited - Enabled)
Guest (S-1-5-21-1192153782-1980124124-3360170330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1192153782-1980124124-3360170330-1005 - Limited - Disabled)
Owner (S-1-5-21-1192153782-1980124124-3360170330-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
SUPPORT_388945a0 (S-1-5-21-1192153782-1980124124-3360170330-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 40.0.105.000 - Hewlett-Packard) Hidden
AIOMinimal (Version: 40.0.105.000 - Hewlett-Packard) Hidden
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1012 - )
ATI Control Panel (HKLM\...\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}) (Version: 6.14.10.5145 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.12-050317m-022739C - )
Audacity 2.0.2 (HKLM\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 11.2.2262 - AVAST Software)
BigFix (HKLM\...\BigFix) (Version: - ) <==== ATTENTION
Business Card Workshop 2 (HKLM\...\InstallShield_{83457075-C6D0-4A09-9E90-27027C383A1A}) (Version: 2.00.0000 - ValuSoft)
Business Card Workshop 2 (Version: 2.00.0000 - ValuSoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Digital Media Reader (HKLM\...\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}) (Version: 1.10 - )
Digital Media Reader (Version: 1.10 - ) Hidden
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FinePix Studio (HKLM\...\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}) (Version: - )
FinePixViewer Resource (HKLM\...\{B44529FF-501E-47CD-A06D-223C161BE058}) (Version: 1.2 - FUJIFILM Corporation)
FinePixViewer Ver.5.4 (HKLM\...\{24ED4D80-8294-11D5-96CD-0040266301AD}) (Version: 5.4 - FUJIFILM Corporation)
FUJIFILM USB Driver (HKLM\...\{5490882C-6961-11D5-BAE5-00E0188E010B}) (Version: - )
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Hallmark Card Studio 2009 Deluxe (HKLM\...\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}) (Version: 10.0.0.28 - Creative Home)
HP PSC & OfficeJet 3.5 (HKLM\...\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}) (Version: 3.5 - HP)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB979904) (HKLM\...\KB979904) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Money 2005 (HKLM\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Keyboard Driver (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version: - )
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 3.0.3.7 - Napster)
Napster Burn Engine (Version: 2.5.0000 - Roxio) Hidden
Nero BurnRights (HKLM\...\Nero BurnRights!UninstallKey) (Version: - )
Nero OEM (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
Overland (Version: 2.1.4 - Hewlett-Packard) Hidden
PHOTOfunSTUDIO -viewer- (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 2.00.000 - Panasonic)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\QuickTime) (Version: - ) <==== ATTENTION
RealPlayer Basic (HKLM\...\RealPlayer 6.0) (Version: - )
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
Recovery Software Suite eMachines (HKLM\...\{15377C3E-9655-400F-B441-E69F0A6BEAFE}) (Version: 1.00.0000 - eMachines)
SafeZone Stable 1.48.2066.101 (Version: 1.48.2066.101 - Avast Software) Hidden
Scan (Version: 3.5.0.0 - Hewlett-Packard) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 7.27 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Snippy 1.0 (HKLM\...\{2A4A9714-0E9D-4E42-8448-AC96CD2EDF18}_is1) (Version: - CodePackage)
SoftV92 Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1) (Version: - )
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369) (HKLM\...\MC05Upd1) (Version: - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows XP Media Center Edition 2005 KB890629 (HKLM\...\KB890629) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB890760 (HKLM\...\KB890760) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895198 (HKLM\...\KB895198) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB895678 (HKLM\...\KB895678) (Version: - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{013F891C-58A8-42F1-BA17-A3954DDED562}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{073258F7-8BC6-4a64-A4E7-919E4D32DC63}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACWMA.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{12897008-A82D-4267-92A3-04D22450D565}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXAudioCodec.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{1C6E0E46-4E5F-492D-B946-44291B931361}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{2000AA1D-2E7C-4EBA-9893-DAE4EF5E1FE5}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{403BD5FD-724C-4D96-86ED-B9E3A2ACBD8E}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{616A7D2A-A222-4083-8FF2-363141AFBC56}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{8917825A-AFBC-40C1-BC8A-CD0DC7F7A6E2}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{A0A0888B-8977-45b5-B884-57CC3A164650}\InprocServer32 -> C:\Program Files\Common Files\Roxio Shared\SharedCOM\RXACMP3CTD.dll (Roxio, Inc.)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{AF7C0A6A-3D7C-46DC-AF54-BF1E1C2DDD50}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{C955DD8E-0167-440B-BE27-DAC0A2E03233}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D07DC324-55D5-4DBE-8A41-1F2E13E8D933}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D48915E5-268D-4C2A-9146-EE042C6A7CCE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{D806C170-3B96-4A54-AD9F-B546E3C21408}\InprocServer32 -> C:\WINDOWS\system32\CDDBUIRoxio.dll (Gracenote)
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{DF525519-639E-47AF-9576-330DF39B29FE}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{FB07A580-07A7-46EE-82A1-EDE5C3AEEC68}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
CustomCLSID: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006_Classes\CLSID\{FF866659-937C-4EFF-9416-BD79B72C7BA1}\InprocServer32 -> C:\WINDOWS\system32\CDDBControlRoxio.dll (Gracenote (formerly CDDB, Inc.))
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job => C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-03-19 18:23 - 2016-05-19 12:01 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-19 18:23 - 2016-05-19 12:01 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-22 13:40 - 2016-09-22 13:40 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092201\algo.dll
2015-11-16 11:27 - 2016-05-19 12:01 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-09-23 11:17 - 2016-09-23 11:17 - 03118360 _____ () C:\Program Files\AVAST Software\Avast\defs\16092300\algo.dll
2015-11-16 11:27 - 2016-05-19 12:01 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2010-01-22 14:24 - 2004-09-28 05:54 - 00269824 _____ () C:\WINDOWS\system32\sbe.dll
2010-01-22 14:24 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2010-01-22 14:19 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2010-01-22 14:22 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-01-22 15:30 - 2005-05-03 18:02 - 00543232 _____ () C:\WINDOWS\zHotkey.exe
2010-01-22 15:30 - 2001-07-02 11:36 - 00024576 _____ () C:\WINDOWS\HKNTDLL.dll
2015-03-14 11:32 - 2015-12-11 15:09 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 [125]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2010-01-22 14:20 - 2012-12-03 11:05 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.254
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk => C:\WINDOWS\pss\BigFix.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk => C:\WINDOWS\pss\Event Planner Reminder 2009.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk => C:\WINDOWS\pss\ExifLauncher2.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO -viewer-.lnkCommon Startup
MSCONFIG\startupreg: ATIPTA => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSCONFIG\startupreg: ehTray => C:\WINDOWS\ehome\ehtray.exe
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: MCAgentExe => c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\WINDOWS\system32\NeroCheck.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\Loader\aolload.exe] => Enabled:AOL Application Loader
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeExp.exe] => Enabled:LifeExp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeCam.exe] => Enabled:LifeCam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeEnC2.exe] => Enabled:LifeEnC2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft LifeCam\LifeTray.exe] => Enabled:LifeTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe] => Enabled:McAfee Shared Service Host
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe] => Enabled:Facebook Video Calling Plugin
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
==================== Restore Points =========================
21-09-2016 20:59:06 System Checkpoint
22-09-2016 10:10:34 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/21/2016 08:14:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application frst.exe, version 21.9.2016.0, faulting module frst.exe, version 21.9.2016.0, fault address 0x000211de.
Processing media-specific event for [frst.exe!ws!]
Error: (09/08/2016 02:54:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.1.6018, faulting module mozglue.dll, version 47.0.1.6018, fault address 0x0000f02b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (09/07/2016 09:06:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]
Error: (08/26/2016 10:35:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.1.6018, faulting module mozglue.dll, version 47.0.1.6018, fault address 0x0000f02b.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (07/05/2016 01:10:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]
Error: (07/01/2016 05:08:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (06/28/2016 07:17:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application finepixviewer.exe, version 5.4.1.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [finepixviewer.exe!ws!]
Error: (06/21/2016 02:15:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (06/17/2016 12:21:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
Processing media-specific event for [plugin-container.exe!ws!]
Error: (01/14/2016 01:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 43.0.4.5848, faulting module mozglue.dll, version 43.0.4.5848, fault address 0x0000ed44.
Processing media-specific event for [plugin-container.exe!ws!]
System errors:
=============
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PrismXL service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 10:10:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
Error: (09/22/2016 09:50:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
==================== Memory info ===========================
Processor: AMD Athlon 64 Processor 3500+
Percentage of memory in use: 47%
Total physical RAM: 894.48 MB
Available physical RAM: 471.8 MB
Total Virtual: 2166.13 MB
Available Virtual: 1741.28 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:182.19 GB) (Free:154.56 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (RECOVERY) (Fixed) (Total:4.11 GB) (Free:1.71 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 186.3 GB) (Disk ID: 52DF0FB1)
Partition 1: (Active) - (Size=182.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4.1 GB) - (Type=0B)
==================== End of Addition.txt ============================
Here's the other Log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by Owner (administrator) on MITZI (23-09-2016 11:20:37)
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(New Boundary Technologies, Inc.) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\WINDOWS\zHotkey.exe
(Microsoft Corporation) C:\WINDOWS\vVX1000.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [CHotkey] => C:\WINDOWS\zHotkey.exe [543232 2005-05-03] ()
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-14] ()
HKLM\...\Run: [REGSHAVE] => C:\Program Files\REGSHAVE\REGSHAVE.EXE [53248 2002-02-04] (FUJI PHOTO FILM CO., LTD.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2010-01-22] (Apple Computer, Inc.)
HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-03-15] (ATI Technologies Inc.)
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssstars.scr [14336 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-19] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{AD29A29A-8BFB-471A-A54C-9175FB00E164}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1192153782-1980124124-3360170330-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> DefaultScope {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {581D6D8B-3055-4D20-81FE-B10272979761} URL = hxxp://search.yahoo.com/search?fr=mcafee&type=A010US0&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {77C3C071-4B61-4E6D-9719-FAC4804C6190} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKU\S-1-5-21-1192153782-1980124124-3360170330-1006 -> {EC376F27-6DC3-468A-B11A-8B722F2F81F4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=B8MCDF&pc=B8MC&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2003-12-22] (Hewlett-Packard Company)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://us.my.yahoo.com/
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=mcafee&type=B110US0D20131111&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1192153782-1980124124-3360170330-1006: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-27]
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\s9lvdxna.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-01-18] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-19]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-08-06]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-19]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-19] (AVAST Software)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [172032 2010-01-22] (New Boundary Technologies, Inc.) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2004-08-10] (Microsoft Corporation)
R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2317504 2005-04-19] (Realtek Semiconductor Corp.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2010-01-22] (Windows ® 2000 DDK provider) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-05-19] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-05-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-05-19] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-05-19] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-05-19] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-05-19] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-05-19] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-05-19] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-05-19] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S3 CAM1690; C:\WINDOWS\System32\Drivers\cam1690.sys [181888 2007-11-21] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [44288 2004-11-10] (Roxio) [File not signed]
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [24832 2004-11-10] (Roxio) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)
S3 mxnic; C:\WINDOWS\System32\DRIVERS\mxnic.sys [19968 2001-08-17] (Macronix International Co., Ltd. )
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-14] (Realtek Semiconductor Corporation )
S3 SunkFilt; C:\WINDOWS\System32\Drivers\sunkfilt.sys [36804 2004-11-15] (Alcor Micro Corp.) [File not signed]
R3 VX1000; C:\WINDOWS\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-23 11:20 - 2016-09-23 11:21 - 00014322 _____ C:\Documents and Settings\Owner\Desktop\FRST.txt
2016-09-22 10:10 - 2016-09-22 10:14 - 00004393 _____ C:\Documents and Settings\Owner\Desktop\Fixlog.txt
2016-09-21 20:36 - 2016-09-21 20:36 - 00001098 _____ C:\Documents and Settings\Owner\Desktop\SALog.txt
2016-09-21 20:35 - 2016-09-21 20:35 - 00898560 _____ C:\Documents and Settings\Owner\Desktop\RGSA.exe
2016-09-21 20:14 - 2016-09-21 20:14 - 00000394 _____ C:\Documents and Settings\Owner\My Documents\Addition.txt
2016-09-21 20:13 - 2016-09-23 11:20 - 00000000 ____D C:\FRST
2016-09-21 20:13 - 2016-09-21 20:14 - 00022594 _____ C:\Documents and Settings\Owner\My Documents\FRST.txt
2016-09-21 20:11 - 2016-09-21 20:11 - 00001062 _____ C:\Documents and Settings\Owner\My Documents\malware bytes.txt
2016-09-21 19:15 - 2016-09-21 19:15 - 01753088 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2016-09-12 19:38 - 2016-09-12 20:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-12 19:29 - 2016-09-12 19:29 - 00245743 _____ C:\Documents and Settings\Owner\My Documents\RegCertificate sunny 2016.pdf
2016-09-12 19:28 - 2016-09-12 19:28 - 00257585 _____ C:\Documents and Settings\Owner\My Documents\Receipt sunnys registration 2016.pdf
2016-09-01 10:57 - 2016-09-01 10:57 - 00000022 _____ C:\Documents and Settings\Owner\My Documents\sunny tracking.txt
2016-08-26 20:09 - 2016-08-26 20:09 - 00064388 _____ C:\Documents and Settings\Owner\My Documents\pams card id.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-23 11:21 - 2012-12-03 11:08 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\temp
2016-09-23 11:19 - 2012-12-04 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2016-09-23 11:18 - 2014-07-10 13:29 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-23 11:17 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents
2016-09-23 11:15 - 2016-04-14 22:28 - 00000460 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1460687301.job
2016-09-23 11:15 - 2010-01-22 13:52 - 00004576 _____ C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt
2016-09-23 11:15 - 2004-10-27 21:14 - 00000000 ____D C:\WINDOWS\Registration
2016-09-23 11:14 - 2013-08-15 15:49 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-09-23 11:14 - 2010-02-10 17:29 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-23 11:14 - 2004-10-27 21:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-22 15:00 - 2010-01-22 13:51 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2016-09-22 15:00 - 2004-10-27 21:26 - 00032652 _____ C:\WINDOWS\SchedLgU.Txt
2016-09-22 14:59 - 2010-02-10 17:29 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-22 14:40 - 2007-08-23 16:02 - 00099375 _____ C:\Documents and Settings\Owner\My Documents\Wells fargo Wachovia.txt
2016-09-22 14:38 - 2015-10-24 20:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-22 11:40 - 2013-10-16 19:17 - 00364096 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2016-09-22 11:40 - 2010-01-22 13:51 - 00000000 ____D C:\Documents and Settings\Owner
2016-09-22 10:40 - 2010-06-06 16:50 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-09-22 10:38 - 2013-01-09 20:33 - 00000998 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006UA.job
2016-09-21 19:38 - 2013-01-09 20:33 - 00000976 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1192153782-1980124124-3360170330-1006Core.job
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Program Files\Amazon
2016-09-21 18:45 - 2011-04-07 21:23 - 00000000 ____D C:\Documents and Settings\Owner\Start Menu\Programs\Amazon
2016-09-20 19:08 - 2010-01-22 13:51 - 00000000 ___RD C:\Documents and Settings\Owner\My Documents\My Pictures
2016-09-20 17:16 - 2004-10-27 20:52 - 00001170 _____ C:\WINDOWS\system32\wpa.dbl
2016-09-14 19:36 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Skype
2016-09-14 18:58 - 2015-12-11 21:22 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-09-14 15:38 - 2016-07-14 14:38 - 06502080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-09-14 15:38 - 2012-04-01 19:44 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-14 15:38 - 2011-05-19 10:33 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-14 15:38 - 2004-10-27 21:16 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-12 22:04 - 2013-07-04 12:14 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-09-12 20:02 - 2016-07-22 14:45 - 00000981 _____ C:\Documents and Settings\Owner\My Documents\sunnys trip november twenty sixteen.txt
2016-09-07 21:00 - 2010-01-24 15:18 - 00000000 ____D C:\Program Files\FinePixViewer
2016-09-04 15:09 - 2014-05-17 17:06 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\shortcuts desktop
2016-08-30 11:03 - 2015-10-17 17:15 - 00000000 ___RD C:\Program Files\Skype
2016-08-30 11:02 - 2011-02-17 22:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-08-29 21:47 - 2015-08-29 09:53 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2016-08-27 19:33 - 2014-07-10 10:20 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-08-27 19:32 - 2015-03-07 18:16 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-27 19:32 - 2014-07-10 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-26 20:14 - 2012-11-20 16:31 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-26 14:38 - 2010-09-20 11:15 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\SRP
==================== Files in the root of some directories =======
2010-06-08 22:05 - 2014-11-04 15:12 - 0000438 ____C () C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2010-01-22 21:00 - 2013-04-25 16:21 - 0012288 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-22 21:35 - 2010-01-22 21:35 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2010-01-22 20:36 - 2010-01-24 16:24 - 0010977 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================