
Avast refuses to install...

Solved 
#1 ·
Hi

I am trying to install Avast on my XP machine but it stops with "Avira detected etc....." and refuses to install.

I have uninstalled Avira via Control Panel and with the Avira removal tool, to no avail.

Any suggestions on what else I can do to remove Avira completely?

Attached find hijackthis.log

Mekan
 


#4 ·
That is to protect you; you should never have two AVs running at the same time, as they can cancel themselves out. If you want to use Avast as opposed to Avira, you will need to remove Avira first.
 
#8 ·
After reading about Avira AntiVir Removal Tool, it is not for removing Avira!
For all those experiencing the damaging effects of a virus infection, Avira's researchers have prepared a removal tool, which can be used to eliminate major distinct threats.
======
Registry cleaners are not recommended on this forum.
However, this product is made by Avira specifically to remove its products' registry files.
It will list and remove the following.
'Avira Management Console
Avira Update Manager
Avira Anti-Virus
Avira System Speedup
Avira Server Security'
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/902
======
To save possibly adding to your problem, back up the registry before running the cleaner above.
Registry Backup program.
http://www.bleepingcomputer.com/download/registry-backup/
Download to your desktop, install and run the program and click on Backup Now.
 
#9 ·
Ok - Avast still refuses to install....still reports Avira presence plus an error message - could not find selected directory to install Avast -

And

I then ran Malwarebytes which completed its scan but displayed from early on during the scan this: One of the files containing the system's Registry data had to be recovered by use of a log or alternate copy. The recovery was successful.

After restarting the PC and running Malwarebytes again, the same message appeared... anyway, Windows is working normally, perhaps a bit slow.
 
#10 ·
There have been known problems over the years with Avira and several other antiviruses that, when removed, left behind traces in the WMI interface, so another antivirus that looks in the WMI interface thinks it is still installed and refuses to install.

I have to strongly warn you that XP is not supported and is very vulnerable, and no matter what antivirus you do install, you are seriously at risk.

Please do this so we can try to remove all traces of Avira.
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 32 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
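
The leftover WMI registration described in post #10 can be inspected with a read-only query. This is an added example, not part of any post in the thread and not a step the helper gave. It assumes PowerShell 2.0 or later is installed (it is not present on a default XP system), and the first-word vendor match against the uninstall keys is a heuristic of this example.

```powershell
# Added example (not from the thread): read-only listing of antivirus products
# registered with the Windows Security Center WMI provider, compared against
# the installed-programs list. Nothing is modified or deleted.

# root\SecurityCenter is the namespace on Windows XP;
# root\SecurityCenter2 is used by Vista and later.
$namespaces = 'root\SecurityCenter', 'root\SecurityCenter2'

# Display names of installed programs, taken from the uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object { [string]$_.DisplayName }
)

$report = foreach ($ns in $namespaces) {
    # A namespace that does not exist on this OS version is skipped silently.
    $products = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct `
                                -ErrorAction SilentlyContinue)

    foreach ($p in $products) {
        if (-not $p.displayName) { continue }

        # Heuristic (assumption of this example): the first word of the WMI
        # display name, e.g. "Avira", is used as the vendor keyword.
        $vendor = ($p.displayName.Trim() -split '\s+')[0].ToLower()
        $hits   = @($installed | Where-Object { $_.ToLower().Contains($vendor) })

        if ($hits.Count -gt 0) {
            $entry   = $hits -join '; '
            $verdict = 'registered in WMI and present in installed programs'
        } else {
            $entry   = '(none)'
            $verdict = 'registered in WMI, no uninstall entry: possible leftover'
        }

        New-Object PSObject -Property @{
            Namespace      = $ns
            Product        = $p.displayName
            InstanceGuid   = $p.instanceGuid
            UninstallEntry = $entry
            Verdict        = $verdict
        }
    }
}

if ($report) {
    $report |
        Select-Object Namespace, Product, InstanceGuid, UninstallEntry, Verdict |
        Format-List
} else {
    'No AntiVirusProduct instances are registered in WMI.'
}
```

A "possible leftover" row is a candidate to raise with the helper, not proof of a stale entry: products built into Windows, such as Windows Defender on later versions, have no uninstall entry either.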
 
#11 ·
There is a possible, but rather drastic, solution, one involving using Resplendence's Registrar Registry Manager; I believe a free version still exists. Only after making one or two full images of your OS partition onto one or two external USB hard drives should you try this:
Search for "Avira" and let RRM remove each and every Avira trace.
I've done something like that a number of times; however, know that I have at least two backups of C on at least 2 USB ext HDs.
 
#12 ·
Hi
FRST scan results included:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-01-2016
Ran by Administrator (administrator) on ENZO (29-01-2016 07:27:09)
Running from C:\Documents and Settings\Betty\Desktop
Loaded Profiles: Betty & Administrator (Available Profiles: Kobus & Betty & Mari-Louise & Chantel & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
( ) C:\WINDOWS\system32\lxeecoms.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
() C:\WINDOWS\system32\PSIService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
() C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files\Lexmark Pro700 Series\ezprint.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Seagate) C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(Acronis) C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Rokario Software) C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Opera Software) C:\Program Files\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files\Opera\34.0.2036.50\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files\Opera\34.0.2036.50\opera.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\34.0.2036.50\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [63712 2007-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files\Lexmark Pro700 Series\lxeemon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro700 Series\ezprint.exe [139944 2009-10-01] ()
HKLM\...\Run: [Lexmark Pro700 Series Fax Server] => C:\Program Files\Lexmark Pro700 Series\fm3032.exe [316072 2009-10-01] ()
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [1325936 2009-10-16] (Seagate)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [904840 2009-10-16] (Acronis)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [136544 2009-10-16] (Seagate)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [QuickFinder Scheduler] => C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [MobileBroadband] => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
HKLM\...\Run: [Corel Photo Downloader] => "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
HKLM\...\Run: [Corel File Shell Monitor] => C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [16200 2007-10-30] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\Run: [bandmon] => C:\Program Files\Rokario\Bandwidth Monitor\bandmon.exe [1529856 2008-06-01] (Rokario Software)
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {037f5307-74f4-11e1-a939-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {38a75ea5-74f7-11e1-a93b-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {4bfd7ef3-00ae-11e2-aa5d-00138f88568c} - F:\LaunchU3.exe -a
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {6553dba7-3c4c-11e5-b0fe-00138f88568c} - F:\autorun.exe
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {83971732-78c2-11e1-a93d-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {83971733-78c2-11e1-a93d-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {83971734-78c2-11e1-a93d-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {dc1171f4-6e89-11e1-a932-00138f88568c} - G:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {f9d0aa7a-78cd-11e1-a93f-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\MountPoints2: {f9d0aa7b-78cd-11e1-a93f-00138f88568c} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1454471165-606747145-839522115-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sstext3d.scr [679936 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_17_0_0_188_pepper.exe -update pepperplugin
Lsa: [Authentication Packages] msv1_0 relog_ap
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Documents and Settings\Betty\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-02-17]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Kobus\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2010-05-23]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Kobus.ENZO\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-08-24]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Mari-Louise.ENZO\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-03-30]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
Tcpip\..\Interfaces\{DA97B67B-F690-4D11-B0B8-94944EA862DD}: [DhcpNameServer] 192.168.1.2

Internet Explorer:
==================
HKU\S-1-5-21-1454471165-606747145-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.za/
HKU\S-1-5-21-1454471165-606747145-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1454471165-606747145-839522115-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: [S-1-5-21-1454471165-606747145-839522115-500] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1454471165-606747145-839522115-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-12] (Oracle Corporation)
BHO: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-22] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-12] (Oracle Corporation)
Toolbar: HKLM - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22] ()
Toolbar: HKU\S-1-5-21-1454471165-606747145-839522115-1004 -> Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22] ()
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2012-02-23] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-12] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-03] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 lxeeCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\WINDOWS\system32\lxeecoms.exe [598696 2010-04-14] ( )
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [69632 2004-09-29] (HP) [File not signed]
R2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [177704 2007-06-05] ()
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [431456 2009-10-16] (Seagate)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [12656 2013-12-18] ()
R3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51120 2005-03-08] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-03-08] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2005-03-08] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-04] (Conexant Systems, Inc.)
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-04] (Conexant Systems, Inc.)
S3 massfilter; C:\WINDOWS\System32\DRIVERS\massfilter.sys [9216 2010-09-08] (MBB Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10200 2013-07-01] ()
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45568 2002-06-13] (Realtek Semiconductor Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 tdrpman; C:\WINDOWS\System32\DRIVERS\tdrpman.sys [368480 2012-02-22] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2012-02-22] (Acronis)
S3 usbsnoop; C:\WINDOWS\System32\drivers\usbsnoop.sys [40896 2012-03-23] (SniffUsb/UsbSnoop Project)
R3 vodafone_K3805-z_dc_enum; C:\WINDOWS\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [80000 2010-09-01] (Vodafone)
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-04] (Conexant Systems, Inc.)
S3 ZTEusbnet; C:\WINDOWS\System32\DRIVERS\ZTEusbnet.sys [114688 2010-09-08] (ZTE Corporation)
S3 ZTEusbvoice; C:\WINDOWS\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-09-08] (ZTE Incorporated)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 07:27 - 2016-01-29 07:27 - 00017595 _____ C:\Documents and Settings\Betty\Desktop\FRST.txt
2016-01-29 07:25 - 2016-01-29 07:27 - 00000000 ____D C:\FRST
2016-01-29 07:20 - 2016-01-29 07:20 - 01721856 _____ (Farbar) C:\Documents and Settings\Betty\Desktop\FRST.exe
2016-01-26 20:59 - 2016-01-27 06:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-01-25 14:33 - 2016-01-25 14:33 - 00000649 _____ C:\Documents and Settings\Betty\Desktop\Perfect Uninstaller.lnk
2016-01-25 14:33 - 2016-01-25 14:33 - 00000042 _____ C:\WINDOWS\system32\AK083E209605E394C.lie
2016-01-25 14:33 - 2016-01-25 14:33 - 00000000 ____D C:\Program Files\Perfect Uninstaller
2016-01-25 14:33 - 2016-01-25 14:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
2016-01-25 13:47 - 2016-01-25 13:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2016-01-25 12:13 - 2016-01-29 07:27 - 00000000 ____D C:\Documents and Settings\Administrator.ENZO\Local Settings\Temp
2016-01-25 12:13 - 2016-01-25 12:34 - 00000178 ___SH C:\Documents and Settings\Administrator.ENZO\ntuser.ini
2016-01-25 12:13 - 2016-01-25 12:13 - 00000000 ____D C:\Documents and Settings\Administrator.ENZO
2016-01-25 12:13 - 2012-02-16 19:53 - 00000000 __SHD C:\Documents and Settings\Administrator.ENZO\IETldCache
2016-01-25 12:13 - 2012-02-16 19:53 - 00000000 ____D C:\Documents and Settings\Administrator.ENZO\Application Data\Macromedia
2016-01-25 12:13 - 2012-02-16 14:00 - 00001599 _____ C:\Documents and Settings\Administrator.ENZO\Start Menu\Programs\Remote Assistance.lnk
2016-01-25 12:13 - 2012-02-16 14:00 - 00000792 _____ C:\Documents and Settings\Administrator.ENZO\Start Menu\Programs\Windows Media Player.lnk
2016-01-25 12:13 - 2010-05-23 21:55 - 00000000 ____D C:\Documents and Settings\Administrator.ENZO\Local Settings\Application Data\Microsoft Help
2016-01-25 12:13 - 2006-06-04 07:01 - 00000000 ____D C:\Documents and Settings\Administrator.ENZO\My Documents
2016-01-24 16:40 - 2016-01-24 16:41 - 05080376 _____ (AVAST Software) C:\Documents and Settings\All Users\Desktop\avast_free_antivirus_setup_online.exe
2016-01-23 20:37 - 2016-01-23 20:37 - 00000000 ____D C:\Documents and Settings\Mari-Louise.ENZO\.oracle_jre_usage
2016-01-11 08:36 - 2016-01-21 07:27 - 00174786 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1454471165-606747145-839522115-1004-0.dat
2016-01-07 20:31 - 2016-01-24 00:10 - 00174786 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-01-07 17:18 - 2016-01-25 07:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-01-07 08:54 - 2016-01-07 08:54 - 00000552 _____ C:\WINDOWS\system32\d3d8caps.dat
2016-01-07 08:22 - 2016-01-07 08:22 - 00000000 ____D C:\WINDOWS\CSC
2016-01-07 07:54 - 2016-01-25 12:23 - 00556596 _____ C:\WINDOWS\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-29 07:24 - 2006-09-03 08:15 - 00000000 ____D C:\Documents and Settings\Betty\Local Settings\Temp
2016-01-29 07:01 - 2014-02-22 18:58 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-29 06:53 - 2014-09-12 17:36 - 00000398 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410535735.job
2016-01-29 06:53 - 2013-12-28 09:17 - 00186097 _____ C:\WINDOWS\system32\nvapps.xml
2016-01-29 06:53 - 2004-08-04 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-29 06:52 - 2014-03-10 19:12 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-29 06:52 - 2014-02-22 18:58 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-29 06:52 - 2014-01-23 23:47 - 00000300 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1454471165-606747145-839522115-1004.job
2016-01-29 06:52 - 2014-01-23 23:40 - 00000278 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1454471165-606747145-839522115-1004.job
2016-01-29 06:52 - 2012-02-16 14:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-28 23:02 - 2012-02-16 14:06 - 00000178 ___SH C:\Documents and Settings\Betty\ntuser.ini
2016-01-28 23:02 - 2012-02-16 14:03 - 00032508 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-28 22:43 - 2012-05-02 09:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-28 05:05 - 2015-07-27 19:14 - 00000000 ____D C:\Documents and Settings\Betty\Desktop\DENTISTRY
2016-01-27 16:35 - 2015-07-13 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-27 05:59 - 2011-11-10 19:36 - 00000000 ____D C:\Documents and Settings\Betty\Desktop\Tools
2016-01-26 17:02 - 2012-02-17 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2619339$
2016-01-26 09:38 - 2014-11-13 22:22 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 09:38 - 2014-08-14 19:00 - 00000000 ____D C:\Program Files\Foxtab
2016-01-26 09:38 - 2012-05-02 21:36 - 00000000 ____D C:\Program Files\Conduit
2016-01-25 14:09 - 2006-09-03 08:15 - 00000000 ___RD C:\Documents and Settings\Betty\My Documents
2016-01-25 12:13 - 2006-06-04 06:59 - 00000000 ____D C:\Documents and Settings
2016-01-25 06:54 - 2006-09-03 08:15 - 00000000 ____D C:\Documents and Settings\Betty
2016-01-23 23:34 - 2012-02-19 15:05 - 00000178 ___SH C:\Documents and Settings\Mari-Louise.ENZO\ntuser.ini
2016-01-23 23:34 - 2012-02-19 15:05 - 00000000 ____D C:\Documents and Settings\Mari-Louise.ENZO
2016-01-23 23:25 - 2015-05-15 21:44 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-23 20:37 - 2012-02-19 15:05 - 00000000 ____D C:\Documents and Settings\Mari-Louise.ENZO\Local Settings\Temp
2016-01-23 09:13 - 2014-01-23 23:47 - 00000308 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job
2016-01-20 21:25 - 2014-09-12 17:28 - 00000000 ____D C:\Program Files\Opera
2016-01-19 23:43 - 2012-05-02 09:41 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-01-19 23:43 - 2012-02-17 06:19 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-01-19 21:44 - 2012-02-17 06:00 - 00000178 ___SH C:\Documents and Settings\Chantel.ENZO\ntuser.ini
2016-01-19 21:44 - 2012-02-17 06:00 - 00000000 ____D C:\Documents and Settings\Chantel.ENZO
2016-01-19 21:43 - 2012-02-17 06:00 - 00000000 ____D C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp
2016-01-13 23:47 - 2014-01-23 23:47 - 00000326 _____ C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job
2016-01-13 07:32 - 2010-05-23 14:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2016-01-13 07:30 - 2013-08-28 00:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 07:21 - 2012-02-16 21:52 - 141317472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-09 07:55 - 2014-01-23 23:40 - 00000286 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job
2016-01-09 00:17 - 2012-10-13 23:09 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-01-08 21:48 - 2012-02-16 13:57 - 00000000 ____D C:\WINDOWS\Registration
2016-01-08 20:16 - 2014-03-10 19:12 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-07 16:32 - 2012-02-17 12:42 - 00000000 ____D C:\Program Files\UPSMON
2016-01-07 16:31 - 2006-06-04 06:59 - 00000000 ____D C:\Documents and Settings\All Users
2016-01-07 15:59 - 2012-02-16 15:37 - 00000000 ___HD C:\WINDOWS\inf
2016-01-07 08:05 - 2012-02-19 15:12 - 00000000 ____D C:\Documents and Settings\Kobus.ENZO
2016-01-07 08:05 - 2006-06-03 23:40 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-01-07 08:05 - 2006-06-03 23:39 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-01-04 19:17 - 2012-02-19 15:12 - 00000000 ____D C:\Documents and Settings\Kobus.ENZO\Local Settings\Temp

==================== Files in the root of some directories =======

2010-06-27 09:24 - 2010-06-27 09:24 - 0000000 ____N () C:\Documents and Settings\All Users\cmn_upld.log
2010-06-26 13:16 - 2012-02-19 15:12 - 0002268 ____N () C:\Documents and Settings\All Users\FastPics.log
2010-06-26 13:03 - 2016-01-09 15:31 - 1604157 _____ () C:\Documents and Settings\All Users\lxee.log
2010-06-26 13:55 - 2014-11-22 23:18 - 0001663 ____N () C:\Documents and Settings\All Users\lxeeDiagnostics.log
2010-06-26 13:13 - 2012-04-17 15:23 - 0216290 ____N () C:\Documents and Settings\All Users\lxeeJSW.log
2010-06-26 12:25 - 2016-01-29 06:53 - 1174267 _____ () C:\Documents and Settings\All Users\lxeescan.log
2010-06-27 09:24 - 2010-06-27 09:24 - 0000000 ____N () C:\Documents and Settings\All Users\LxWbGwLog.log
2011-04-15 18:13 - 2011-04-15 18:13 - 0707100 ____N () C:\Documents and Settings\All Users\SPL11.tmp
2012-09-25 21:33 - 2012-09-25 21:33 - 4616759 ____N () C:\Documents and Settings\All Users\SPL12F.tmp
2012-08-14 21:27 - 2012-08-14 21:27 - 7368909 ____N () C:\Documents and Settings\All Users\SPL14.tmp
2012-11-11 19:50 - 2012-11-11 19:50 - 0049208 ____N () C:\Documents and Settings\All Users\SPL17.tmp
2013-07-30 21:38 - 2013-07-30 21:39 - 13934521 ____N () C:\Documents and Settings\All Users\SPL23.tmp
2015-01-05 17:30 - 2015-01-05 17:30 - 0180708 ____N () C:\Documents and Settings\All Users\SPL76.tmp
2011-03-02 21:09 - 2011-03-02 21:09 - 1335844 ____N () C:\Documents and Settings\All Users\SPLE6.tmp
2012-03-09 21:24 - 2012-03-09 21:25 - 2493758 ____N () C:\Documents and Settings\All Users\SPLF9.tmp
2010-06-26 12:18 - 2010-06-26 12:18 - 0000000 ____N () C:\Documents and Settings\All Users\UpdaterLog.txt
2006-11-09 05:30 - 2006-11-09 05:32 - 0000021 ____H () C:\Documents and Settings\All Users\Application Data\.24554863501262644635642126105
2012-05-06 13:43 - 2012-05-06 13:43 - 0000000 ____N () C:\Documents and Settings\All Users\Application Data\44f845e51de9e0e05ccad780aca9e45e_c
2006-08-10 07:02 - 2012-03-09 23:54 - 0003661 ____N () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2010-05-23 14:14 - 2010-05-23 14:14 - 0000000 ____N () C:\Documents and Settings\All Users\Application Data\Images
2010-05-23 14:14 - 2010-05-23 14:14 - 0000000 ____N () C:\Documents and Settings\All Users\Application Data\Internet Services
2009-04-03 22:40 - 2010-05-23 14:14 - 0000000 ____H () C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2007-01-27 17:20 - 2007-10-26 21:54 - 0001739 ____N () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2006-11-29 08:28 - 2006-11-29 08:28 - 0013030 ____N () C:\Documents and Settings\All Users\Application Data\xml91.tmp
2006-11-29 08:28 - 2006-11-29 08:28 - 0003196 ____N () C:\Documents and Settings\All Users\Application Data\xml92.tmp

Files to move or delete:
====================
C:\Documents and Settings\Betty\TempWmicBatchFile.bat

Some files in TEMP:
====================
C:\Documents and Settings\Betty\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Betty\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Betty\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Betty\Local Settings\Temp\borlndlm.dll
C:\Documents and Settings\Betty\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ytdf3.dll
C:\Documents and Settings\Betty\Local Settings\Temp\EAD3.exe
C:\Documents and Settings\Betty\Local Settings\Temp\EAD4.exe
C:\Documents and Settings\Betty\Local Settings\Temp\EAD5.exe
C:\Documents and Settings\Betty\Local Settings\Temp\EAD6.exe
C:\Documents and Settings\Betty\Local Settings\Temp\EADC.exe
C:\Documents and Settings\Betty\Local Settings\Temp\First15.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u13-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-7u71-windows-i586-iftw.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-8u40-windows-au.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-8u51-windows-au.exe
C:\Documents and Settings\Betty\Local Settings\Temp\jre-8u65-windows-au.exe
C:\Documents and Settings\Betty\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\Betty\Local Settings\Temp\ose00000.exe
C:\Documents and Settings\Betty\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Betty\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Betty\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\Betty\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\Betty\Local Settings\Temp\UninstallEADM.dll
C:\Documents and Settings\Betty\Local Settings\Temp\VP6Install.exe
C:\Documents and Settings\Betty\Local Settings\Temp\VP6VFW.dll
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\jre-8u31-windows-au.exe
C:\Documents and Settings\Chantel.ENZO\Local Settings\Temp\jre-8u45-windows-au.exe
C:\Documents and Settings\Kobus\Local Settings\Temp\sfamcc00001.dll
C:\Documents and Settings\Kobus\Local Settings\Temp\sfextra.dll
C:\Documents and Settings\Mari-Louise.ENZO\Local Settings\Temp\avgnt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Administrator (2016-01-29 07:28:38)
Running from C:\Documents and Settings\Betty\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2012-02-16 12:02:12)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1454471165-606747145-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.ENZO
ASPNET (S-1-5-21-1454471165-606747145-839522115-1007 - Limited - Enabled)
Betty (S-1-5-21-1454471165-606747145-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Betty
Chantel (S-1-5-21-1454471165-606747145-839522115-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Chantel.ENZO
Guest (S-1-5-21-1454471165-606747145-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1454471165-606747145-839522115-1000 - Limited - Disabled)
Kobus (S-1-5-21-1454471165-606747145-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Kobus.ENZO
Mari-Louise (S-1-5-21-1454471165-606747145-839522115-1005 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mari-Louise.ENZO
SUPPORT_388945a0 (S-1-5-21-1454471165-606747145-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.2 (HKLM\...\Adobe® Photoshop® Album Starter Edition 3.2) (Version: 3.2.0 - hxxp://www.adobe.com)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
AiO_Scan (Version: 50.0.227.000 - Hewlett-Packard) Hidden
AOMEI Partition Assistant Standard Edition 5.8 (HKLM\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Blackboard Collaborate Launcher (HKLM\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bundled software uninstaller (HKLM\...\bi_uninstaller) (Version: - ) <==== ATTENTION
C-Media 3D Audio (HKLM\...\C-Media Audio) (Version: - )
C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
Corel Paint Shop Pro Photo X2 (HKLM\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.010.0000 - Corel Corporation)
DolbyFiles (Version: 0.1 - Nero AG) Hidden
doPDF 6.2 printer (HKLM\...\doPDF 6 printer_is1) (Version: - Softland)
Dropbox (HKU\S-1-5-21-1454471165-606747145-839522115-1004\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
HP PSC & OfficeJet 5.3.B (HKLM\...\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}) (Version: - HP)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
Lexmark Printable Web (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version: - Lexmark International, Inc.)
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - )
LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Menu Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MiniTool Partition Wizard Home Edition 8.0 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Movie Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 44.0 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{C3FFB7B4-F56A-4C85-8FB1-FAEC9D557732}) (Version: 6.10.1072.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{a695b664-d7de-447a-9c59-7a5f7a3ed9af}) (Version: - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )
Opera Stable 34.0.2036.50 (HKLM\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.com)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Python 2.6.5 (HKLM\...\{4723f199-fa64-4233-8e6e-9fccc95a18ee}) (Version: 2.6.5150 - Python Software Foundation)
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 (HKLM\...\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}) (Version: - )
Scan (Version: 5.2.0.0 - Hewlett-Packard) Hidden
Seagate DiscWizard (HKLM\...\{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}) (Version: 11.0.8326 - Seagate)
SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.6 - Seagate Technology)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
The Sims 2 (HKLM\...\{8AB8D458-939E-403F-0097-9BA1C1F013D5}) (Version: - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VarieDrop 1.1.5.0 (HKLM\...\VarieDrop_is1) (Version: - Hiroshi Inagaki)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 1.0.0.0 - Microsoft Corporation)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WordPerfect Office X3 (HKLM\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{037FB476-15E0-4ED1-B11A-E420B750B1A8}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{2837E0FE-686B-4CB0-BE53-0EA097EAF71B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{5AFAFE48-7107-4FE5-B21A-86A4254541DD}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{5B7524C8-2446-40E9-9474-94A779DBA224}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{621D3650-F1D3-414C-97F9-03A02B211261}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{623E415A-22EF-4DAA-A2FF-E68E77A673C9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{885BB46A-3F1E-44C3-A01B-A7D9260CC98B}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\dwusplay.dll (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{915C2CEB-216B-4B7C-89E4-9ED3512D58D9}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{92C5E738-7372-4CD6-BE57-15833624EBF3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{9CAAD2EA-177B-4D07-871F-47255B5D30F3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{B391A1DB-28C8-4506-A43C-5BD6051F16BA}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{E42CE23D-69F9-480A-A15F-BFF5E4D170C3}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{E50C953D-311A-481B-8F8D-C55E65AF7417}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{E9880553-B8A7-4960-A668-95C68BED571E}\InprocServer32 -> C:\WINDOWS\Downloaded Program Files\isusweb.dll (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{E9A93328-79D4-4AED-A778-146E7191F8BC}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\ISDM.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{F1522EC1-F84F-4CE2-A38C-F9384B0DFD41}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Betty\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1454471165-606747145-839522115-1004_Classes\CLSID\{FFF2D28F-E4EE-44D9-8104-8E71556757F6}\localserver32 -> C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (Macrovision Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1410535735.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1454471165-606747145-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1454471165-606747145-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1454471165-606747145-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-02-17 19:15 - 2009-05-18 14:39 - 00049152 ____N () C:\WINDOWS\system32\LXEEPMON.DLL
2012-02-17 19:15 - 2009-01-13 15:15 - 04485120 ____N () C:\WINDOWS\system32\LXEEOEM.DLL
2012-02-17 19:14 - 2009-05-18 14:38 - 00032768 ____N () C:\Program Files\Lexmark Pro700 Series\ipcmt.dll
2012-02-17 19:17 - 2009-11-04 08:14 - 00157696 ____N () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxeedrpp.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-25 14:33 - 2011-11-02 17:21 - 00411024 _____ () C:\Program Files\Perfect Uninstaller\Contextmenu.dll
2007-06-05 13:20 - 2007-06-05 13:20 - 00177704 ____N () C:\WINDOWS\system32\PSIService.exe
2012-02-17 19:13 - 2011-01-23 19:37 - 00770728 ____N () C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
2012-02-17 19:13 - 2010-04-01 12:23 - 00389120 ____N () C:\Program Files\Lexmark Pro700 Series\lxeescw.dll
2012-02-17 19:16 - 2009-05-27 14:16 - 00192512 ____N () C:\WINDOWS\system32\spool\drivers\w32x86\3\lxeedatr.dll
2012-02-17 19:13 - 2010-04-01 12:24 - 01159168 ____N () C:\Program Files\Lexmark Pro700 Series\lxeeDRS.dll
2012-02-17 19:12 - 2009-03-10 07:43 - 00155648 ____N () C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll
2012-02-17 19:10 - 2009-02-20 10:48 - 00299008 ____N () C:\WINDOWS\system32\lxeesm.dll
2012-02-17 19:10 - 2009-02-20 10:48 - 00023552 ____N () C:\WINDOWS\system32\lxeesmr.dll
2012-02-17 19:12 - 2009-10-01 17:41 - 00139944 ____N () C:\Program Files\Lexmark Pro700 Series\ezprint.exe
2012-02-17 19:12 - 2009-03-30 14:37 - 00708608 ____N () C:\Program Files\Lexmark Pro700 Series\Epwizard.DLL
2012-02-17 19:12 - 2009-03-30 14:35 - 00159744 ____N () C:\Program Files\Lexmark Pro700 Series\customui.dll
2012-02-17 19:12 - 2009-03-30 14:35 - 00118784 ____N () C:\Program Files\Lexmark Pro700 Series\Eputil.DLL
2012-02-17 19:12 - 2009-03-30 14:35 - 00139264 ____N () C:\Program Files\Lexmark Pro700 Series\Imagutil.DLL
2012-02-17 19:12 - 2009-03-30 14:35 - 00061440 ____N () C:\Program Files\Lexmark Pro700 Series\Epfunct.DLL
2012-02-17 19:12 - 2010-04-05 05:56 - 02203803 ____N () C:\Program Files\Lexmark Pro700 Series\EPWizRes.dll
2012-02-17 19:12 - 2009-03-30 14:37 - 00045056 ____N () C:\Program Files\Lexmark Pro700 Series\epstring.dll
2012-02-17 19:12 - 2009-03-30 14:37 - 00094208 ____N () C:\Program Files\Lexmark Pro700 Series\EPOEMDll.dll
2012-02-17 19:12 - 2009-04-07 21:25 - 00409600 ____N () C:\Program Files\Lexmark Pro700 Series\iptk.dll
2012-02-17 19:13 - 2009-03-02 16:25 - 00151552 ____N () C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll
2009-10-16 17:59 - 2009-10-16 17:59 - 01328480 ____N () C:\Program Files\Seagate\DiscWizard\fox.dll
2007-10-30 19:52 - 2007-10-30 19:52 - 00016200 ____N () C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
2016-01-20 21:24 - 2016-01-20 21:24 - 61568120 _____ () C:\Program Files\Opera\34.0.2036.50\opera.dll
2004-08-04 14:00 - 2008-04-14 05:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 14:00 - 2008-04-14 05:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 14:00 - 2004-08-04 14:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1454471165-606747145-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Betty\Application Data\Mozilla\Firefox\Desktop Background.bmp
HKU\S-1-5-21-1454471165-606747145-839522115-500\Control Panel\Desktop\\Wallpaper -> (None)
DNS Servers: 192.168.1.2
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\lxeecoms.exe] => Enabled:pro700 Series Server
StandardProfile\AuthorizedApplications: [C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe] => Enabled:ABBYY FineReader
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Electronic Arts\EADM\Core.exe] => Enabled:EA Download Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD] => Enabled:Age of Empires II
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dplaysvr.exe] => Enabled:Microsoft DirectPlay Helper
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Betty\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Chantel.ENZO\Local Settings\Application Data\Blackboard\Blackboard Collaborate Launcher\embedded\Java\jre1.7.0_40\bin\javaw.exe] => Enabled:Java(TM) Platform SE binary
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

08-01-2016 22:38:19 System Checkpoint
09-01-2016 07:33:00 System Checkpoint
10-01-2016 07:52:01 System Checkpoint
11-01-2016 19:40:39 System Checkpoint
12-01-2016 19:49:40 System Checkpoint
13-01-2016 07:20:49 Software Distribution Service 3.0
14-01-2016 21:55:15 System Checkpoint
15-01-2016 22:06:02 System Checkpoint
17-01-2016 15:46:44 System Checkpoint
18-01-2016 20:51:24 System Checkpoint
19-01-2016 22:25:42 System Checkpoint
21-01-2016 16:08:03 System Checkpoint
23-01-2016 09:11:09 System Checkpoint
24-01-2016 17:13:08 System Checkpoint
25-01-2016 17:36:04 System Checkpoint
26-01-2016 18:08:40 System Checkpoint
27-01-2016 18:40:31 System Checkpoint
28-01-2016 20:12:39 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/29/2016 06:52:23 AM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

DETAIL - The configuration registry database is corrupt.

Error: (01/29/2016 06:52:23 AM) (Source: Userenv) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error: (01/29/2016 06:52:21 AM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

DETAIL - The configuration registry database is corrupt.

Error: (01/29/2016 06:52:21 AM) (Source: Userenv) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error: (01/28/2016 01:31:56 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

DETAIL - The configuration registry database is corrupt.

Error: (01/28/2016 01:31:56 PM) (Source: Userenv) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error: (01/28/2016 01:31:54 PM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

DETAIL - The configuration registry database is corrupt.

Error: (01/28/2016 01:31:54 PM) (Source: Userenv) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

Error: (01/28/2016 03:37:13 AM) (Source: Userenv) (EventID: 1500) (User: NT AUTHORITY)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

DETAIL - The configuration registry database is corrupt.

Error: (01/28/2016 03:37:13 AM) (Source: Userenv) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This is often caused by insufficient memory or insufficient security rights.

DETAIL - The configuration registry database is corrupt. for C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\\UsrClass.dat

System errors:
=============
Error: (01/29/2016 06:53:15 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error:
%%1009

Error: (01/29/2016 06:52:33 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:33 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 5) (User: )
Description: \Device\Ide\IdePort2

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/29/2016 06:52:32 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

Error: (01/27/2016 05:45:15 AM) (Source: 0) (EventID: 11) (User: )
Description: \Device\Harddisk0\D

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 1022.79 MB
Available physical RAM: 415.84 MB
Total Virtual: 2463.59 MB
Available Virtual: 1934.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:164.45 GB) (Free:8.9 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (New Volume) (Fixed) (Total:301.31 GB) (Free:95.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: BB05BB05)
Partition 1: (Active) - (Size=164.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=301.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt
 
#13 ·
Download attached fixlist.txt file and save it to your desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Then you should be able to install Avast OK.
 

#14 ·
Hi
Please find attached Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x86) Version:27-01-2016
Ran by Betty (2016-01-29 22:20:51) Run:1
Running from C:\Documents and Settings\Betty\Desktop
Loaded Profiles: Betty (Available Profiles: Kobus & Betty & Mari-Louise & Chantel & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
emptytemp:

*****************

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} => removed successfully.
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} => removed successfully.
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} => removed successfully.
EmptyTemp: => 6.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:32:32
 