[Inactive-A] Grandmother's computer has issues

  1. #1
    Join Date
    Jun 2001
    Location
    Valrico Florida USA
    Posts
    602

    Had someone remote in and try to fix some issues. Sounds like there might be more. Want to run this through VD process.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2015 01
    Ran by Maisie (administrator) on MAISIE-PC on 13-05-2015 17:23:15
    Running from C:\My Downloads
    Loaded Profiles: Maisie (Available profiles: Maisie)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
    () C:\Program Files\Macrium\Reflect\ReflectService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
    (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll [2009-08-19] (AVG Technologies CZ, s.r.o.)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-06-06] (Intel Corporation)
    Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll [2014-01-23] (LogMeIn, Inc.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-1715567821-813497703-1060284298-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\ssmypics.scr [47104 2008-04-13] (Microsoft Corporation)
    BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restartsdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1715567821-813497703-1060284298-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    SearchScopes: HKU\S-1-5-21-1715567821-813497703-1060284298-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-10-04] (Google Inc.)
    Toolbar: HKLM - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    Toolbar: HKU\S-1-5-21-1715567821-813497703-1060284298-1004 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobio...ne/install.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll [2013-06-27] (AVG Secure Search)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2013-10-29] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2013-10-29] (Microsoft Corporation)
    Hosts: 127.0.0.1 localhost
    Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Maisie\Application Data\Mozilla\Firefox\Profiles\ohlo9pbj.default
    FF SelectedSearchEngine: Google
    FF Homepage: hxxp://www.google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
    FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll [2013-06-27] (AVG Technologies)
    FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-21] (CANON INC.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-04] (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Documents and Settings\Maisie\Application Data\Mozilla\Firefox\Profiles\ohlo9pbj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-08]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-05]
    FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\15.3.0.11\avg.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
    S4 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [0 2015-05-10] () <==== ATTENTION (zero size file/folder)
    R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220128 2010-07-29] ()
    S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
    S4 COM NetBIOS Endpoint WLAN Call; C:\gpfmjqwbnfv\qwjkyksrh.exe [X]
    S4 Resource Diagnostic Defender Virtual Socket; C:\socn5y7\nwuynexeibacm.exe [X]
    S4 Secondary Color Firewall Volume; C:\rkdnvfdzmmibqpz\jjoehyvl.exe [X]
    S4 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4027840 2007-03-08] (Realtek Semiconductor Corp.)
    S3 AN983; C:\WINDOWS\System32\DRIVERS\AN983.sys [36224 2004-08-03] (ADMtek Incorporated.)
    R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-09] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-06-27] (AVG Technologies)
    S3 FA312; C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [16074 2001-08-17] (NETGEAR Corp.)
    R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    S3 hamachi; C:\WINDOWS\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
    S3 hidgame; C:\WINDOWS\System32\DRIVERS\hidgame.sys [8576 2001-08-17] (Microsoft Corporation)
    S3 ltmodem5; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
    R0 pssnap; C:\WINDOWS\System32\DRIVERS\pssnap.sys [15328 2010-07-29] (Macrium Software)
    R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
    R0 SI3112; C:\WINDOWS\System32\DRIVERS\SI3112.sys [74280 2008-08-20] (Silicon Image, Inc)
    R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2008-08-20] (Silicon Image, Inc)
    R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2008-08-20] (Silicon Image, Inc)
    R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2001-10-18] (VIA Technologies, Inc.)
    R1 VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [3279 2001-12-18] (VIA Technologies. Inc.) [File not signed]
    S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
    S4 LMIRfsClientNP; No ImagePath
    S0 MpFilter; system32\DRIVERS\MpFilter.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-13 17:22 - 2015-05-13 17:23 - 00000000 ____D () C:\FRST
    2015-05-13 06:20 - 2015-05-13 06:25 - 00047419 _____ () C:\WINDOWS\wininit.ini
    2015-05-12 23:17 - 2015-05-12 23:17 - 00000712 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
    2015-05-12 23:17 - 2015-05-12 23:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
    2015-05-12 22:23 - 2015-05-12 22:23 - 00000000 ____D () C:\Documents and Settings\Maisie\My Documents\ProcAlyzer Dumps
    2015-05-12 22:06 - 2015-05-13 17:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    2015-05-12 22:01 - 2015-05-13 06:28 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
    2015-05-12 22:01 - 2015-05-12 22:01 - 00001848 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-05-12 22:01 - 2015-05-12 22:01 - 00001842 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    2015-05-12 22:01 - 2015-05-12 22:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-05-12 22:00 - 2015-05-13 06:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2015-05-12 22:00 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
    2015-05-12 21:58 - 2015-05-12 22:10 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-05-12 21:53 - 2015-05-12 21:53 - 00000000 ____D () C:\Documents and Settings\Maisie\Application Data\AVG2015
    2015-05-12 21:52 - 2015-05-12 21:52 - 00000708 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
    2015-05-12 21:52 - 2015-05-12 21:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2015-05-12 21:51 - 2015-05-12 22:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
    2015-05-12 21:51 - 2015-05-12 21:51 - 00000000 ___HD () C:\$AVG
    2015-05-12 21:48 - 2015-05-13 17:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
    2015-05-12 21:48 - 2015-05-12 22:35 - 00000000 ____D () C:\Documents and Settings\Maisie\Local Settings\Application Data\Avg2015
    2015-05-12 21:48 - 2015-05-12 21:48 - 00000000 ____D () C:\Documents and Settings\Maisie\Local Settings\Application Data\MFAData
    2015-05-12 20:26 - 2015-05-13 17:17 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-05-12 20:26 - 2015-05-12 20:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-12 20:26 - 2015-05-12 20:26 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-12 20:26 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-05-10 20:31 - 2015-05-10 20:31 - 00000000 ___DC () C:\WINDOWS\system32\dllcache\wuaueng.dll
    2015-05-10 20:31 - 2015-05-10 20:31 - 00000000 ___DC () C:\WINDOWS\system32\dllcache\wuauclt.exe
    2015-05-10 20:31 - 2015-05-10 20:31 - 00000000 ____D () C:\WINDOWS\system32\wups2.dll
    2015-05-10 20:31 - 2015-05-10 20:31 - 00000000 ____D () C:\WINDOWS\system32\wuaueng.dll
    2015-05-10 20:31 - 2015-05-10 20:31 - 00000000 ____D () C:\WINDOWS\system32\wuauclt.exe
    2015-05-07 19:58 - 2015-05-07 19:58 - 00000000 ___HD () C:\Documents and Settings\LocalService\Local Settings\Application Data\kvbnvjnbiqu
    2015-05-07 04:56 - 2015-05-12 20:16 - 00000000 ____D () C:\WINDOWS\socn5y7
    2015-05-05 20:48 - 2015-05-05 20:48 - 00000000 ____D () C:\Documents and Settings\Maisie\Local Settings\Application Data\Ofi Labs
    2015-05-05 20:47 - 2015-05-12 20:53 - 00000000 ____D () C:\WINDOWS\gpfmjqwbnfv
    2015-05-04 20:22 - 2015-05-04 20:22 - 00973312 _____ () C:\WINDOWS\system32\libpff.dll
    2015-05-04 20:22 - 2015-05-04 20:22 - 00273408 _____ () C:\WINDOWS\system32\pcre.dll
    2015-05-04 20:21 - 2015-05-04 20:21 - 00000000 ___HD () C:\Documents and Settings\Maisie\Local Settings\Application Data\kvbnvjnbiqu
    2015-05-03 18:02 - 2015-05-11 20:48 - 00000000 ___HD () C:\recyclebin
    2015-05-03 18:02 - 2015-05-03 18:02 - 02789718 _____ () C:\WINDOWS\system32\binaries_burst6x.zip
    2015-05-03 18:02 - 2015-05-02 20:39 - 00000000 ____D () C:\WINDOWS\system32\binaries_burst6x
    2015-05-03 16:40 - 2015-05-03 16:40 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Ofi Labs
    2015-05-03 16:39 - 2015-05-03 16:39 - 00164864 _____ (Info-Zip <www.info-zip.org>) C:\WINDOWS\system32\unzip.exe
    2015-05-03 16:38 - 2015-05-11 20:48 - 00000000 ___HD () C:\WINDOWS\system32\kvbnvjnbiqu
    2015-05-02 20:09 - 2015-05-03 16:38 - 00000000 ____D () C:\WINDOWS\rkdnvfdzmmibqpz
    2015-04-23 19:40 - 2015-04-23 19:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-04-19 17:55 - 2015-04-19 17:58 - 00000000 ____D () C:\Documents and Settings\Maisie\My Documents\Gatorland-April 2015
    2015-04-15 13:05 - 2015-04-15 13:05 - 00206816 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx86.sys

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-05-13 17:23 - 2008-09-13 16:24 - 00000000 ____D () C:\Documents and Settings\Maisie\Local Settings\Temp
    2015-05-13 17:19 - 2008-09-13 12:00 - 00000245 __RSH () C:\boot.ini
    2015-05-13 17:17 - 2008-09-13 12:13 - 00000157 _____ () C:\WINDOWS\wiadebug.log
    2015-05-13 17:17 - 2008-09-13 12:13 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-05-13 17:16 - 2008-09-13 16:20 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-05-13 17:16 - 2008-09-13 12:10 - 00114968 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-05-13 06:28 - 2008-09-13 16:24 - 00000278 ___SH () C:\Documents and Settings\Maisie\ntuser.ini
    2015-05-13 06:28 - 2008-09-13 16:23 - 00032456 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-05-13 05:37 - 2012-08-10 11:37 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-05-13 04:00 - 2014-02-08 16:50 - 00000000 ____D () C:\Program Files\TeamViewer
    2015-05-12 21:52 - 2010-05-12 22:02 - 00549357 _____ () C:\WINDOWS\setupapi.log
    2015-05-12 21:50 - 2008-09-13 21:59 - 00000000 ____D () C:\Program Files\AVG
    2015-05-12 21:11 - 2008-09-13 17:02 - 02093684 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-05-12 21:03 - 2008-09-13 12:10 - 00273251 _____ () C:\WINDOWS\setupact.log
    2015-05-12 20:57 - 2002-08-29 08:00 - 00000644 _____ () C:\WINDOWS\win.ini
    2015-05-12 20:57 - 2002-08-29 08:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-05-12 20:26 - 2012-12-11 17:11 - 00000783 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-12 20:26 - 2010-11-11 11:24 - 00000000 ____D () C:\Documents and Settings\Maisie\Application Data\Malwarebytes
    2015-05-12 20:26 - 2010-11-11 11:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2015-05-11 20:47 - 2002-08-29 08:00 - 00012598 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-05-10 20:33 - 2013-10-07 20:48 - 00000000 ____D () C:\Documents and Settings\Maisie\My Documents\Cindy
    2015-05-10 20:30 - 2013-07-13 13:23 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-05-10 20:30 - 2008-11-24 19:32 - 00000000 __HDC () C:\WINDOWS\$NtServicePackUninstall$
    2015-05-07 20:24 - 2014-06-08 21:23 - 00000000 ____D () C:\Documents and Settings\Maisie\My Documents\Isabelle 2014
    2015-05-06 17:36 - 2014-07-08 18:41 - 00000000 ____D () C:\Documents and Settings\Maisie\My Documents\Jaxon
    2015-05-03 16:48 - 2013-11-19 20:58 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
    2015-05-03 16:48 - 2008-09-13 16:23 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-04-24 20:56 - 2012-05-04 16:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-04-18 20:48 - 2008-10-15 17:47 - 06470492 __SHC () C:\Documents and Settings\Maisie\My Documents\Thumbs.db
    2015-04-15 20:56 - 2008-09-13 16:24 - 00000000 ____D () C:\Documents and Settings\Maisie
    2015-04-15 16:37 - 2012-08-10 11:37 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-04-15 16:37 - 2012-08-10 11:37 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2008-09-14 18:16 - 2010-09-23 16:52 - 0005120 ____C () C:\Documents and Settings\Maisie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Maisie\Local Settings\Temp\uninstall.exe


    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\wuauclt.exe
    C:\Windows\System32\wuaueng.dll
    C:\Windows\System32\wups2.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================
    Nabrin

  2. #2
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2015 01
    Ran by Maisie at 2015-05-13 17:24:42
    Running from C:\My Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1715567821-813497703-1060284298-500 - Administrator - Enabled)
    Guest (S-1-5-21-1715567821-813497703-1060284298-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1715567821-813497703-1060284298-1000 - Limited - Disabled)
    Maisie (S-1-5-21-1715567821-813497703-1060284298-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Maisie
    SUPPORT_388945a0 (S-1-5-21-1715567821-813497703-1060284298-1002 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
    Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
    AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
    Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
    Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
    Canon MG5300 series On-screen Manual (HKLM\...\Canon MG5300 series On-screen Manual) (Version: - )
    Canon MG5300 series User Registration (HKLM\...\Canon MG5300 series User Registration) (Version: - )
    Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version: - )
    Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
    Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
    Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version: - Microsoft Corporation)
    Family Tree Maker (HKLM\...\FTW) (Version: - )
    Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Photosmart 5520 series Basic Device Software (HKLM\...\{E8ED5ADB-3EB5-4890-85F6-0FEA13A47EEE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 5520 series Help (HKLM\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
    HP Photosmart 5520 series Product Improvement Study (HKLM\...\{B58FBD4F-C69A-41C1-94AC-1A47AD946C91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: - )
    Macrium Reflect - Free Edition (HKLM\...\{DB35267F-B5C6-495C-8407-75ADC34E759D}) (Version: 4.2.2525 - Macrium)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mozilla Thunderbird 31.6.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.6.0 (x86 en-US)) (Version: 31.6.0 - Mozilla)
    On Ancient Wings (HKLM\...\On Ancient Wings) (Version: - )
    OneTouch Version 3.0 (HKLM\...\OneTouch Version 3.0) (Version: Version 3.0 - Visioneer Inc.)
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.34 - Realtek Semiconductor Corp.)
    Remove Dogs (HKLM\...\Dogs) (Version: - )
    Remove wal-wildanimals (HKLM\...\wal-wildanimals) (Version: - )
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
    WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1715567821-813497703-1060284298-1004_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled.
    03-02-2015 18:35:33 System Checkpoint
    04-02-2015 18:53:01 System Checkpoint
    06-02-2015 17:22:16 System Checkpoint
    09-02-2015 16:38:32 System Checkpoint
    16-02-2015 17:19:30 System Checkpoint
    17-02-2015 18:19:04 System Checkpoint
    19-02-2015 18:40:41 System Checkpoint
    22-02-2015 21:59:41 System Checkpoint
    24-02-2015 16:25:09 System Checkpoint
    26-02-2015 20:42:44 System Checkpoint
    28-02-2015 12:01:26 System Checkpoint
    02-03-2015 19:13:26 System Checkpoint
    07-03-2015 16:31:26 System Checkpoint
    12-03-2015 09:15:08 System Checkpoint
    14-03-2015 17:03:47 System Checkpoint
    16-03-2015 22:01:22 System Checkpoint
    20-03-2015 17:40:49 System Checkpoint
    25-03-2015 17:36:20 System Checkpoint
    26-03-2015 17:42:11 System Checkpoint
    28-03-2015 19:29:50 System Checkpoint
    31-03-2015 16:12:11 System Checkpoint
    01-04-2015 16:35:15 System Checkpoint
    05-04-2015 18:53:38 System Checkpoint
    06-04-2015 19:19:24 System Checkpoint
    07-04-2015 19:53:25 System Checkpoint
    09-04-2015 17:31:54 System Checkpoint
    10-04-2015 19:41:21 System Checkpoint
    12-04-2015 19:23:41 System Checkpoint
    15-04-2015 18:01:47 System Checkpoint
    19-04-2015 18:16:25 System Checkpoint
    21-04-2015 19:05:32 System Checkpoint
    23-04-2015 20:02:43 System Checkpoint
    26-04-2015 20:43:35 System Checkpoint
    30-04-2015 20:41:00 System Checkpoint
    01-05-2015 20:46:57 System Checkpoint
    03-05-2015 17:11:24 System Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2002-08-29 08:00 - 2015-05-07 19:58 - 00000022 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    ==================== Loaded Modules (whitelisted) ==============

    2010-07-29 16:05 - 2010-07-29 15:27 - 00220128 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
    2015-05-12 22:00 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-05-12 22:00 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2015-05-12 22:00 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2002-08-29 08:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
    2002-08-29 08:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
    2002-08-29 08:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-1715567821-813497703-1060284298-1004\...\com.tw -> hxxp://asia.msi.com.tw


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1715567821-813497703-1060284298-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Maisie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    DNS Servers: 65.32.5.111 - 65.32.5.112

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^Maisie^Start Menu^Programs^Startup^JL Alpine Advent Calendar.lnk => C:\WINDOWS\pss\JL Alpine Advent Calendar.lnkStartup
    MSCONFIG\startupfolder: C:^Documents and Settings^Maisie^Start Menu^Programs^Startup^JL Edwardian Advent Calendar.lnk => C:\WINDOWS\pss\JL Edwardian Advent Calendar.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: BMUpdate => C:\WINDOWS\system32\BMUpdate.exe
    MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    MSCONFIG\startupreg: DCOM PNRP Task Client WLAN => C:\socn5y7\nwuynexeibacm.exe
    MSCONFIG\startupreg: Host Sharing Config Certificate => C:\rkdnvfdzmmibqpz\jjoehyvl.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
    MSCONFIG\startupreg: Net.Tcp Publication Block Control Bus Link Trap => C:\gpfmjqwbnfv\qwjkyksrh.exe
    MSCONFIG\startupreg: OneTouch Monitor => C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    MSCONFIG\startupreg: PnP-X Builder Reports Proxy Biometric => C:\WINDOWS\system32\lnkctvm.exe
    MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
    MSCONFIG\startupreg: vProt => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

    ==================== FirewallRules (whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\VideoLAN\VLC\vlc.exe] => Enabled:VLC media player
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Online Shield
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostics 2015
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
    StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Personal Email Scanner
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
    StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/12/2015 10:02:43 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (05/12/2015 10:02:43 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (05/12/2015 08:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application lnkctvm.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x8d3a0f8e.
    Processing media-specific event for [lnkctvm.exe!ws!]

    Error: (05/11/2015 08:48:26 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: Fault bucket 1191103967.
    The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

    Error: (05/11/2015 08:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mmlsqwadbwr.exe, version 0.0.0.0, faulting module mmlsqwadbwr.exe, version 0.0.0.0, fault address 0x0010d33a.
    Processing media-specific event for [mmlsqwadbwr.exe!ws!]

    Error: (05/03/2015 04:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application mmlsqwadbwr.exe, version 0.0.0.0, faulting module mmlsqwadbwr.exe, version 0.0.0.0, fault address 0x0010d33a.
    Processing media-specific event for [mmlsqwadbwr.exe!ws!]

    Error: (02/18/2015 09:34:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application thunderbird.exe, version 31.4.0.5487, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (02/14/2015 09:12:27 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 786972443.

    Error: (02/14/2015 09:11:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application thunderbird.exe, version 31.4.0.5487, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (01/11/2015 04:41:35 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: Fault bucket 686128560.


    System errors:
    =============
    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    MpFilter

    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
    %%1053

    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

    Error: (05/13/2015 05:17:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
    %%3

    Error: (05/12/2015 10:02:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (05/12/2015 10:02:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (05/12/2015 09:11:41 PM) (Source: DCOM) (EventID: 10005) (User: MAISIE-PC)
    Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error: (05/12/2015 09:01:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    MpFilter


    Microsoft Office Sessions:
    =========================
    Error: (05/12/2015 10:02:43 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.co...throotstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (05/12/2015 10:02:43 PM) (Source: crypt32) (EventID: 11) (User: )
    Description: http://www.download.windowsupdate.co...throotstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

    Error: (05/12/2015 08:16:18 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: lnkctvm.exe0.0.0.0unknown0.0.0.08d3a0f8e

    Error: (05/11/2015 08:48:26 PM) (Source: Application Error) (EventID: 1001) (User: )
    Description: 1191103967

    Error: (05/11/2015 08:47:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mmlsqwadbwr.exe0.0.0.0mmlsqwadbwr.exe0.0.0.00010d33a

    Error: (05/03/2015 04:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: mmlsqwadbwr.exe0.0.0.0mmlsqwadbwr.exe0.0.0.00010d33a

    Error: (02/18/2015 09:34:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: thunderbird.exe31.4.0.5487hungapp0.0.0.000000000

    Error: (02/14/2015 09:12:27 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 786972443

    Error: (02/14/2015 09:11:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: thunderbird.exe31.4.0.5487hungapp0.0.0.000000000

    Error: (01/11/2015 04:41:35 PM) (Source: Application Hang) (EventID: 1001) (User: )
    Description: 686128560


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of memory in use: 29%
    Total physical RAM: 2039.48 MB
    Available physical RAM: 1428.64 MB
    Total Pagefile: 3935.6 MB
    Available Pagefile: 3486.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1924.95 MB

    ==================== Drives ================================

    Drive c: (system) (Fixed) (Total:232.88 GB) (Free:178.59 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Images) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: CFDDCFDD)
    Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
    Nabrin

  3. #3
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please observe the following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ============================

    There is definitely some infection present.

    ATTENTION: System Restore is disabled.
    Are you aware of it?
    If not, can you turn System Restore back on?

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.



    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.


    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:


      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.




    If you already have MBAM 2.0 installed:


    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.



    How to get logs:
    (Export log to save as txt)



    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.




    (Copy to clipboard for pasting into forum replies or tickets)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.



    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  4. #4
    Join Date
    Jun 2001
    Location
    Valrico Florida USA
    Posts
    602

    RK results

    RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Maisie [Administrator]
    Started from : C:\My Downloads\RogueKiller.exe
    Mode : Delete -- Date : 05/14/2015 18:42:33

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 9 ¤¤¤
    [Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Not selected
    [Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Not selected
    [Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {95B7759C-8C7F-4BF1-B163-73684A933233} : -> Not selected
    [PUP] HKEY_USERS\S-1-5-21-1715567821-813497703-1060284298-1004\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} : -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater15.3.0 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater15.3.0 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe) -> Not selected
    [PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater15.3.0 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe) -> Not selected
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1715567821-813497703-1060284298-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0 -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] Microsoft Antimalware Scheduled Scan.job -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\WINDOWS\system32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] c515bc37109a8a2d7ac16c25ee6fc3bc
    [BSP] 738d18cd4ffe4e6b9b3f638db3dde6f5 : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Multi Flash Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_05142015_183729.log
    Nabrin

  5. #5
    Join Date
    Jun 2001
    Location
    Valrico Florida USA
    Posts
    602
    Running Mal now. Should I do a System Backup since restore was off? I did turn it back on.

    We are leaning toward getting her a new computer since this one is XP based and is pretty old.
    Nabrin

  6. #6
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    I did turn it back on.
    That's all you had to do.

  7. #7
    Join Date
    Jun 2001
    Location
    Valrico Florida USA
    Posts
    602
    Not able to get to her computer tonight. Will try to post more logs tomorrow.
    Nabrin

  8. #8
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    No problem

  9. #9
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Still with me?

  10. #10
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in the malware removal forum.
