
Inactive laptop acting weird again?

Discussion in 'Malware and Virus Removal' started by dodopie, 2016/02/17.

Thread Status:
Not open for further replies.
  1. 2016/02/17
    dodopie Contributing Member


    Hi, this laptop is acting too weird again: TFC takes hours to run and the desktop is looking weird all of a sudden, like the wallpaper is like a parallelogram, so here are the fubar reports:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
    Ran by jerry (administrator) on JERRY-PC (17-02-2016 09:58:34)
    Running from C:\Users\jerry\Downloads
    Loaded Profiles: jerry (Available Profiles: jerry)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
    (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
    (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    () C:\ACER\Mobility Center\MobilityService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Realtek Semiconductor Corp.) C:\Users\jerry\AppData\Local\temp\RtkBtMnt.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6266880 2008-07-02] (Realtek Semiconductor)
    HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
    HKU\S-1-5-21-4103279818-402611227-566158514-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{79014BAE-3FE6-48B6-8DA3-FF4DE66098F4}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=1214&m=aspire_5515
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4103279818-402611227-566158514-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.search.yahoo.com/?fr=hp-dt&type=bestsearch_US_HomePage
    HKU\S-1-5-21-4103279818-402611227-566158514-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4103279818-402611227-566158514-1000 -> DefaultScope {42AB4FD8-C833-46E4-8226-26D2A1E7EC01} URL = hxxp://us.search.yahoo.com/search?fr=ds-dt&type=bestsearch_US_DefaultSearchEngine&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4103279818-402611227-566158514-1000 -> {42AB4FD8-C833-46E4-8226-26D2A1E7EC01} URL = hxxp://us.search.yahoo.com/search?fr=ds-dt&type=bestsearch_US_DefaultSearchEngine&p={searchTerms}
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\bg9g0ey0.default-1450399361726
    FF Homepage: hxxps://www.yahoo.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: WOT - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\bg9g0ey0.default-1450399361726\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-17]
    FF Extension: Ebates Cash Back - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\bg9g0ey0.default-1450399361726\extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-01-20]
    FF Extension: Adblock Plus - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\bg9g0ey0.default-1450399361726\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-20]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-25] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    S2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [129552 2008-08-06] (AMD Technologies Inc.)
    R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
    R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S3 WinRing0_1_2_0; \??\C:\Program Files\TurboYourPC\Service.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 09:58 - 2016-02-17 09:59 - 00009587 _____ C:\Users\jerry\Downloads\FRST.txt
    2016-02-17 09:58 - 2016-02-17 09:58 - 00000000 ____D C:\FRST
    2016-02-17 09:57 - 2016-02-17 09:57 - 01721344 _____ (Farbar) C:\Users\jerry\Downloads\FRST.exe
    2016-02-11 21:59 - 2016-02-17 09:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-02-10 08:45 - 2016-01-29 22:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-02-10 08:45 - 2016-01-29 22:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
    2016-02-10 08:45 - 2016-01-29 22:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
    2016-02-10 08:45 - 2016-01-29 22:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
    2016-02-10 08:45 - 2016-01-29 22:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
    2016-02-10 08:45 - 2016-01-29 22:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
    2016-02-10 08:45 - 2016-01-29 22:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
    2016-02-10 08:45 - 2016-01-29 22:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
    2016-02-10 08:45 - 2016-01-29 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-02-10 08:45 - 2016-01-29 22:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
    2016-02-10 08:45 - 2016-01-29 22:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
    2016-02-10 08:45 - 2016-01-29 22:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
    2016-02-10 08:45 - 2016-01-29 22:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
    2016-02-10 08:45 - 2016-01-29 22:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
    2016-02-10 08:45 - 2016-01-29 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
    2016-02-10 08:39 - 2016-02-01 12:21 - 01208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-02-10 08:39 - 2016-01-29 22:15 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-02-10 08:39 - 2016-01-29 22:15 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-02-10 08:39 - 2016-01-29 22:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-02-10 08:39 - 2016-01-29 22:09 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-02-10 08:39 - 2016-01-29 22:08 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-02-10 08:39 - 2016-01-29 22:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-02-10 08:39 - 2016-01-29 22:07 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-02-10 08:39 - 2016-01-29 20:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-02-10 08:36 - 2016-01-07 10:21 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-02-10 08:26 - 2016-01-07 10:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-02-10 08:18 - 2016-01-09 12:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-02-10 07:18 - 2016-01-24 23:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-02-10 07:18 - 2016-01-24 23:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-02-10 07:18 - 2016-01-24 23:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-02-10 07:18 - 2016-01-24 23:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-02-10 07:18 - 2016-01-24 23:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-02-10 07:18 - 2016-01-24 23:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-02-10 07:18 - 2016-01-24 23:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2016-02-10 07:18 - 2016-01-24 23:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-02-10 07:18 - 2016-01-24 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-02-10 07:18 - 2016-01-24 23:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2016-02-10 07:18 - 2016-01-24 23:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2016-02-10 07:18 - 2016-01-24 23:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2016-02-09 12:09 - 2016-02-09 12:16 - 00000000 ____D C:\Users\jerry\Desktop\Mail_20160209
    2016-02-09 12:06 - 2016-02-09 12:06 - 00000000 ___HD C:\ProgramData\CanonIJScan
    2016-02-09 12:05 - 2016-02-16 17:02 - 00000000 ____D C:\Users\jerry\AppData\Roaming\Canon
    2016-02-09 12:01 - 2016-02-09 12:01 - 00001880 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 4.0.lnk
    2016-02-09 11:59 - 2016-02-09 12:01 - 49819216 _____ C:\Users\jerry\Downloads\mpnx_4_0-win-4_03-ea23_2.exe
    2016-02-09 11:58 - 2016-02-09 11:58 - 14937672 _____ C:\Users\jerry\Downloads\mp68-win-mp280-1_03-ejs.exe
    2016-02-09 11:56 - 2016-02-09 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2016-02-09 11:56 - 2016-02-09 11:56 - 00001806 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
    2016-02-09 11:55 - 2016-02-09 12:01 - 00000000 ____D C:\Program Files\Canon
    2016-02-09 11:55 - 2016-02-09 11:55 - 09661976 _____ C:\Users\jerry\Downloads\qm__-win-2_6_1-ea31_2.exe
    2016-02-09 11:55 - 2016-02-09 11:55 - 00000000 ____D C:\ProgramData\CanonIJWSpt
    2016-02-09 11:29 - 2016-02-09 11:46 - 00116793 _____ C:\Users\jerry\Downloads\Self Employment Ledger.pdf
    2016-01-27 05:40 - 2016-01-27 05:41 - 06828320 _____ (Piriform Ltd) C:\Users\jerry\Downloads\ccsetup514.exe
    2016-01-24 21:43 - 2016-01-24 21:46 - 00000000 ____D C:\Users\jerry\Desktop\heli
    2016-01-24 21:41 - 2016-01-24 21:41 - 01175289 _____ C:\Users\jerry\Downloads\Attachments_2016124.zip
    2016-01-22 19:12 - 2016-01-22 19:30 - 00000000 ____D C:\Users\jerry\Desktop\New Folder
    2016-01-22 15:13 - 2016-01-22 15:13 - 00198576 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
    2016-01-18 07:25 - 2016-01-18 07:25 - 00113798 _____ C:\Users\jerry\Desktop\eBay Order details.htm
    2016-01-18 07:25 - 2016-01-18 07:25 - 00000000 ____D C:\Users\jerry\Desktop\eBay Order details_files

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-17 09:48 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-17 09:48 - 2006-11-02 07:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2016-02-17 09:48 - 2006-11-02 07:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2016-02-17 09:47 - 2015-12-17 19:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-02-17 09:45 - 2006-11-02 07:58 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-02-17 09:34 - 2015-12-13 10:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-02-17 08:20 - 2014-12-25 08:00 - 00000000 ____D C:\ProgramData\MFAData
    2016-02-15 22:12 - 2016-01-07 00:38 - 00000000 ____D C:\Users\jerry\Desktop\pics
    2016-02-12 18:55 - 2015-12-19 07:39 - 00000508 _____ C:\Windows\wininit.ini
    2016-02-10 11:34 - 2015-10-22 06:42 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-02-10 11:34 - 2015-10-22 06:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-02-10 09:15 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
    2016-02-10 09:04 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\inf
    2016-02-10 09:04 - 2006-11-02 05:33 - 00758854 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-10 08:58 - 2006-11-02 07:44 - 00301472 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-10 08:34 - 2014-12-24 22:18 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-10 08:26 - 2006-11-02 05:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2016-02-09 09:34 - 2015-12-14 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-02-03 18:52 - 2014-12-26 19:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-01-27 05:43 - 2015-05-18 07:19 - 00000000 ____D C:\Users\jerry\AppData\Local\CrashDumps
    2016-01-27 05:42 - 2015-10-25 19:17 - 00000808 _____ C:\Users\Public\Desktop\CCleaner.lnk

    ==================== Files in the root of some directories =======

    2015-12-17 07:23 - 2015-12-17 07:23 - 0000000 _____ () C:\Users\jerry\AppData\Roaming\wklnhst.dat
    2016-01-09 10:11 - 2016-01-09 10:11 - 0003584 _____ () C:\Users\jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some files in TEMP:
    ====================
    C:\Users\jerry\AppData\Local\temp\RtkBtMnt.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-17 09:53

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-02-2016
    Ran by jerry (2016-02-17 09:59:35)
    Running from C:\Users\jerry\Downloads
    Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2014-12-25 04:58:30)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4103279818-402611227-566158514-500 - Administrator - Disabled)
    Guest (S-1-5-21-4103279818-402611227-566158514-501 - Limited - Disabled)
    jerry (S-1-5-21-4103279818-402611227-566158514-1000 - Administrator - Enabled) => C:\Users\jerry

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
    Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    ATI Catalyst Install Manager (HKLM\...\{67A8747E-0517-75EF-244F-9E219C440107}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
    AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
    AVG (Version: 16.41.7442 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4530 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
    AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
    Canon MP Navigator EX 4.0 (HKLM\...\MP Navigator EX 4.0) (Version: - )
    Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )
    Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
    ccc-core-static (Version: 2008.0703.2236.38526 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
    InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0-B9.574 - InterVideo Inc.)
    InterVideo WinDVD 8 (Version: 8.0-B9.574 - InterVideo Inc.) Hidden
    iPhone Backup Extractor (HKU\S-1-5-21-4103279818-402611227-566158514-1000\...\iPhone Backup Extractor) (Version: 6.0.5.768 - Reincubate Ltd)
    iPhone Backup Extractor (Version: 6.0.5.768 - Reincubate Ltd) Hidden
    LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Word 2000 (HKLM\...\{00170409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    MozBackup 1.5.1 (HKLM\...\MozBackup) (Version: - Pavel Cvrcek)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5657 - Realtek Semiconductor Corp.)
    Skins (Version: 2008.0703.2236.38526 - ATI) Hidden
    Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.2.0 - Synaptics)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2E839851-64A0-46DF-AE81-FCCB18DB1383} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {A7966D42-CBAF-44C5-857C-117C8C182EAC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
    Task: {ED1459E4-D920-4BC1-91C7-F5231BE0E9B3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2008-12-04 06:05 - 2008-07-03 22:37 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2008-12-04 08:14 - 2007-12-06 19:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
    2008-12-04 08:14 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
    2015-12-13 23:59 - 2015-12-13 23:56 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4103279818-402611227-566158514-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\jerry\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D64DAAC3-3615-46D7-9676-E10679B9500C}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{0DDE240D-FD2A-4050-AB17-AF76C247A3BE}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{259F1611-C159-42C3-AFAF-5539853B7035}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    FirewallRules: [{5533EFBD-587E-4F6D-8CB1-9F6108E273C2}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    FirewallRules: [{BE1E1569-ADF3-41A9-AFE0-3FC8BE991B45}] => (Allow) LPort=80
    FirewallRules: [{7159459A-A8C5-4553-9438-3CCE6EAB70B8}] => (Allow) LPort=80
    FirewallRules: [{BCC31CF4-84BC-4C5B-B2E1-2ED8BCD49C5A}] => (Allow) LPort=80
    FirewallRules: [{F906CAAC-8DDC-4649-9D7C-EC061306C23A}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{6855460D-A199-43C0-AE89-15D51F0FD8F5}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{1D5EEB6A-9D2D-4A8D-A642-8A8F44023604}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{070D6C14-EF15-42AB-911A-120A071C43BB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{29B0AD16-8FB2-42CA-A907-E77EEAD7AF2B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{5A6A4999-D213-474E-9218-2C40DB4A4009}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    FirewallRules: [{CFE4FE28-3EC5-4FA2-A6E5-C916CD1B584C}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    FirewallRules: [{87FB7EA3-705F-4CDD-87EE-993637BD74BB}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [{AD7643AB-98A6-46B5-8C9C-7978642AB843}] => (Allow) C:\Program Files\Internet Explorer\iexplore.exe
    FirewallRules: [TCP Query User{8F85832B-7017-4F37-A23F-1821F63EF196}C:\users\jerry\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\jerry\appdata\local\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{636974B4-0146-46C7-B2BF-E76E92225D36}C:\users\jerry\appdata\local\mozilla firefox\firefox.exe] => (Allow) C:\users\jerry\appdata\local\mozilla firefox\firefox.exe
    FirewallRules: [{575321A2-C5AE-48D7-9EF4-F84527992757}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
    FirewallRules: [{BB68C489-EF1D-4F36-A480-8CFDF8C17E93}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
    FirewallRules: [{B0062BB1-250D-4FAD-903A-5202E0FFD75F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{58AA972B-6526-4743-BE84-8B6B4F0855E1}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{E854F8FA-3512-4EEF-9B81-8E8BB9D9C5A3}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
    FirewallRules: [{6638745A-EC98-40AA-8336-C456CC02010A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
    FirewallRules: [{BB9CDCBE-DC76-4ADD-BF8F-A04AF833FF4C}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{8F26D9C5-3156-4371-BBC4-2548174CE6EE}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [TCP Query User{A6E575D2-4BE7-444E-A032-F2D7950751F5}C:\program files\free torrent opener\free torrent opener.exe] => (Block) C:\program files\free torrent opener\free torrent opener.exe
    FirewallRules: [UDP Query User{8D168CB0-C15A-40B5-A6F7-8E7657E9D3B7}C:\program files\free torrent opener\free torrent opener.exe] => (Block) C:\program files\free torrent opener\free torrent opener.exe
    FirewallRules: [TCP Query User{E1479E41-B0C2-4CCD-80FE-01E96C5CC02C}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
    FirewallRules: [UDP Query User{1FAA337C-B904-4563-BB8C-3192E195305F}C:\program files\free torrent opener\free torrent opener.exe] => (Allow) C:\program files\free torrent opener\free torrent opener.exe
    FirewallRules: [{A91425A6-7044-4832-98F0-79A1BF5D5192}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{CC8F6F30-6802-4884-87BA-2B92E14C0189}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
    FirewallRules: [{5241FAAD-4674-4703-8C73-350E33308835}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{C5ED38DA-FAB3-4583-AB64-01C1396CEA42}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{494CE74D-E75B-4CEB-A40B-F2FF5EAC476C}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{30B7C3A8-C28F-4D26-8AF1-BDB88DAA7D02}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
    FirewallRules: [{9CB74D6D-E035-423F-A49F-99ECA3B5D238}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{FFB7B59F-7D18-4233-B134-BB3E06F1B204}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
    FirewallRules: [{65088AA2-1047-4E71-B434-9434C80A760E}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
    FirewallRules: [{1F77362C-5A62-4CC4-BDFF-F0A0668FB7AE}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe

    ==================== Restore Points =========================

    06-02-2016 12:52:07 Scheduled Checkpoint
    07-02-2016 16:15:54 Scheduled Checkpoint
    08-02-2016 06:53:08 Scheduled Checkpoint
    09-02-2016 00:26:23 Scheduled Checkpoint
    09-02-2016 12:42:46 Scheduled Checkpoint
    10-02-2016 08:18:00 Windows Update
    11-02-2016 08:26:48 Scheduled Checkpoint
    12-02-2016 00:00:01 Scheduled Checkpoint
    13-02-2016 06:53:41 Scheduled Checkpoint
    14-02-2016 01:18:20 Scheduled Checkpoint
    15-02-2016 10:09:04 Scheduled Checkpoint
    16-02-2016 00:00:02 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/17/2016 09:49:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/16/2016 09:37:02 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/16/2016 09:46:39 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/16/2016 03:24:12 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/14/2016 09:20:58 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/13/2016 08:42:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/13/2016 08:40:19 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/13/2016 05:39:33 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/13/2016 08:01:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (02/13/2016 05:56:22 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\JERRY\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\BG9G0EY0.DEFAULT-1450399361726\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)


    System errors:
    =============
    Error: (02/17/2016 09:49:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (02/11/2016 09:34:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000avgsvc

    Error: (02/10/2016 04:26:03 PM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{79014BAE-3FE6-48B6-8DA3-FF4DE66098F4} because another computer on the network has the same name. The server could not start.

    Error: (02/10/2016 08:59:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (02/09/2016 12:04:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (02/09/2016 12:01:39 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (02/09/2016 11:38:26 AM) (Source: Print) (EventID: 6161) (User: jerry-PC)
    Description: The document Self Employment Ledger.pdf, owned by jerry, failed to print on printer Canon MP280 series Printer. Try to print the document again, or restart the print spooler.
    Data type: NT EMF 1.008. Size of the spool file in bytes: 524288. Number of bytes printed: 357456. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\JERRY-PC. Win32 error code returned by the print processor: Self Employment Ledger.pdf0. Self Employment Ledger.pdf1

    Error: (02/09/2016 09:45:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (02/09/2016 09:34:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: AVGIDSAgent3758213661 (0xE001CA1D)

    Error: (02/06/2016 10:18:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058


    CodeIntegrity:
    ===================================
    Date: 2016-02-17 09:59:29.379
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:59:28.849
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:59:28.319
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:59:27.773
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgmfx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:56.745
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:56.207
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:55.667
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:55.065
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:49.693
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-17 09:58:48.535
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgunivx.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) Processor 2650e
    Percentage of memory in use: 44%
    Total physical RAM: 2813.25 MB
    Available physical RAM: 1572.87 MB
    Total Virtual: 5871.05 MB
    Available Virtual: 4566.09 MB

    ==================== Drives ================================

    Drive c: (ACER) (Fixed) (Total:69.52 GB) (Free:30.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:69.52 GB) (Free:64.72 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: B63EE216)
    Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
    Partition 2: (Active) - (Size=69.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=69.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  2. 2016/02/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see much there.
    Did you try system restore?
     
