AtuZi not completely removed (?)
Hello,
I found AtuZi in my program files. (I have a WindowsXP Home Version and Spybot Home Edition). AtuZi did not show in my Add/Remove folder; I deleted the folder myself. Then I removed its' keys in my registry. Rebooted. And I get my *first* problem, an endless loop when I go into Spybot and do a C:/ system scan. It stops at 4.7% (with 1371 minutes remaining) OR goes thru to 100% and starts its endless loop again.
I thought it was AtuZi/maybe it is/ but: are there parts of it remaining? I did do a few System Restores and nothing at all happened.
Thank you for your time and attention.
Katy
-------------------------------------------------
Edit
For future reference and others reading. :)
http://forums.spybot.info/showthread...nce%29-Updated
AtuZi not completely removed (?)
Hi OCD!
I saved your instructions to Notepad.
>>If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.<<
Question: Do I run Security Check first or ALL the tools you gave me at once? (Security Check; aswMBR, etc.
Many thanks,
Katy
AtuZi not completely removed (?)
Hi OCD,
Uh...my downloads are set to download from my Tools at the top of the page. I don't know how to get downloads to the desktop with Firefox. Duh.
Katy
AtuZi not completely removed (?)
Hi OCD,
I cut/pasted the logs and think (with what you may ask?) I attached the MBR.ZIP; it would not let me drag and drop. :
Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 71
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
.....................................
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 20:45:43
-----------------------------
20:45:43.484 OS Version: Windows 5.1.2600 Service Pack 3
20:45:43.484 Number of processors: 1 586 0x409
20:45:43.484 ComputerName: D5TBBCB1 UserName: Katy
20:45:43.859 Initialize success
20:45:43.906 VM: initialized successfully
20:45:43.921 VM: Intel CPU virtualization not supported
20:47:51.718 AVAST engine defs: 15012801
20:50:38.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:50:38.625 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
20:50:38.796 Disk 0 MBR read successfully
20:50:38.796 Disk 0 MBR scan
20:50:38.828 Disk 0 unknown MBR code
20:50:38.828 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:50:38.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53968 MB offset 80325
20:50:38.843 Disk 0 default boot code
20:50:38.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
20:50:38.890 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
20:50:38.921 Disk 0 scanning sectors +156232125
20:50:39.640 Disk 0 scanning C:\WINDOWS\system32\drivers
20:50:57.984 Service scanning
20:51:44.140 Modules scanning
20:51:44.140 Disk 0 trace - called modules:
20:51:44.156 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:51:44.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89aab8]
20:51:44.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8dcb00]
20:51:44.437 AVAST engine scan C:\WINDOWS
20:51:58.656 AVAST engine scan C:\WINDOWS\system32
20:55:21.640 AVAST engine scan C:\WINDOWS\system32\drivers
20:55:49.265 AVAST engine scan C:\Documents and Settings\Katy
20:59:13.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katy\Desktop\MBR.dat"
20:59:13.265 The log file has been saved successfully to "C:\Documents and Settings\Katy\Desktop\aswMBR.txt"
.................
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 28-01-2015 21:35:19
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [X]
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:35 - 2015-01-28 21:35 - 00017668 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-28 21:34 - 2015-01-28 21:35 - 00000000 ___DC () C:\FRST
2015-01-28 21:28 - 2015-01-28 21:28 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-28 21:14 - 2015-01-28 21:18 - 02130432 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST64(1).exe
2015-01-28 20:59 - 2015-01-28 20:59 - 00002134 _____ () C:\Documents and Settings\Katy\Desktop\aswMBR.txt
2015-01-28 20:59 - 2015-01-28 20:59 - 00000512 _____ () C:\Documents and Settings\Katy\Desktop\MBR.dat
2015-01-28 20:44 - 2015-01-28 20:44 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
2015-01-28 17:54 - 2015-01-28 17:54 - 00852573 _____ () C:\Documents and Settings\Katy\Desktop\SecurityCheck(3).exe
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-28 21:35 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-28 21:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-28 20:22 - 2011-02-22 08:01 - 01361484 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-28 20:21 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-28 20:21 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-28 20:20 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-28 20:20 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-28 20:19 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 18:17 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 18:17 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-28 18:13 - 2014-07-20 20:09 - 00024858 _____ () C:\WINDOWS\setupact.log
2015-01-28 15:20 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
==================== Files in the root of some directories =======
2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
...................................
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-28 21:36:30
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
aaquotes (HKLM\...\ST5UNST #1) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
ELIcon (Version: 1.00.0000 - Dell) Hidden
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Scrabble (HKLM\...\Scrabble) (Version: - )
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File
==================== Restore Points =========================
10-11-2014 22:00:19 System Checkpoint
11-11-2014 13:54:04 Software Distribution Service 3.0
12-11-2014 16:28:15 System Checkpoint
17-11-2014 11:40:28 System Checkpoint
18-11-2014 12:24:30 System Checkpoint
19-11-2014 12:54:30 System Checkpoint
21-11-2014 12:15:22 System Checkpoint
22-11-2014 14:28:39 System Checkpoint
24-11-2014 13:55:59 System Checkpoint
28-11-2014 16:52:19 System Checkpoint
29-11-2014 16:55:48 System Checkpoint
30-11-2014 17:02:35 System Checkpoint
05-12-2014 12:34:47 System Checkpoint
07-12-2014 03:01:58 System Checkpoint
09-12-2014 10:03:13 System Checkpoint
10-12-2014 09:51:25 Software Distribution Service 3.0
15-12-2014 11:19:34 System Checkpoint
17-12-2014 18:45:45 System Checkpoint
19-12-2014 10:27:10 System Checkpoint
21-12-2014 14:34:04 System Checkpoint
22-12-2014 13:51:03 Restore Operation
22-12-2014 13:58:35 Software Distribution Service 3.0
22-12-2014 15:46:26 Restore Operation
26-12-2014 18:52:22 Removed Across Lite
31-12-2014 13:27:45 System Checkpoint
03-01-2015 09:34:01 System Checkpoint
05-01-2015 08:42:34 System Checkpoint
06-01-2015 09:38:57 System Checkpoint
09-01-2015 15:00:45 System Checkpoint
10-01-2015 13:22:58 Installed HP Support Solutions Framework
10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
11-01-2015 10:19:22 Removed HP Software Update
12-01-2015 21:00:19 Installed HP Product Assistant
13-01-2015 20:16:10 Restore Operation
13-01-2015 20:22:04 Software Distribution Service 3.0
14-01-2015 12:51:09 Removed HP Support Solutions Framework
14-01-2015 12:53:52 Removed HP Update.
15-01-2015 09:59:35 Restore Operation
15-01-2015 10:14:15 Software Distribution Service 3.0
17-01-2015 05:06:29 System Checkpoint
18-01-2015 19:42:15 Installed HP Support Solutions Framework
18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
19-01-2015 08:38:01 Restore Operation
19-01-2015 08:51:23 Restore Operation
19-01-2015 09:06:37 Software Distribution Service 3.0
19-01-2015 10:13:08 Restore Operation
20-01-2015 10:58:48 System Checkpoint
20-01-2015 12:28:41 Installed HP Support Solutions Framework
22-01-2015 07:48:36 System Checkpoint
23-01-2015 08:24:59 Restore Operation
23-01-2015 08:49:34 Software Distribution Service 3.0
23-01-2015 10:34:38 Restore Operation
25-01-2015 16:13:08 System Checkpoint
26-01-2015 18:38:05 System Checkpoint
28-01-2015 08:10:41 System Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-10 12:51 - 2015-01-16 09:32 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 1spybot.com
127.0.0.1 www.1spybot.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 2-2005-search.com
127.0.0.1 www.2-2005-search.com
127.0.0.1 2.82211.net
127.0.0.1 2006ooo.com
127.0.0.1 www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 2008-search-destroy.com
127.0.0.1 www.2008-search-destroy.com
127.0.0.1 2008-viewer.com
127.0.0.1 www.2008-viewer.com
127.0.0.1 2008firefox.com
127.0.0.1 www.2008firefox.com
127.0.0.1 2008search-destroy.com
127.0.0.1 www.2008search-destroy.com
127.0.0.1 2009--access.com
127.0.0.1 www.2009--access.com
127.0.0.1 2009-edition.com
127.0.0.1 www.2009-edition.com
127.0.0.1 2009-phone.com
127.0.0.1 www.2009-phone.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
==================== Loaded Modules (whitelisted) =============
2014-08-12 09:14 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-12 09:14 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-12 09:14 - 2012-04-03 16:06 - 00565640 ____C () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2005-10-05 03:12 - 2006-05-03 02:12 - 00098304 ____C () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2015-01-26 18:24 - 2015-01-26 18:25 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.
System errors:
=============
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_NIS
SymIRON
SYMTDI
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update neurowise service failed to start due to the following error:
%%3
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%3
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.
Error: (01/28/2015 08:19:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007048f.
Error: (01/28/2015 05:19:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
Microsoft Office Sessions:
=========================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 2045.98 MB
Available physical RAM: 1124.4 MB
Total Pagefile: 3431.36 MB
Available Pagefile: 2234.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:52.7 GB) (Free:33.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)
==================== End Of Log ============================
AtuZi not completely removed (?)
Hi OCD,
I got lost retrieving Fixlog.txt and got then FRST sent me to the Windows XP repair center/Mcafee with popups for media player. Many apologies.
AdwCleaner [SO] txt# AdwCleaner v4.109 - Report created 29/01/2015 at 13:57:27
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Katy - D5TBBCB1
# Running from : C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : AVG Security Toolbar Service
[#] Service Deleted : Update neurowise
[#] Service Deleted : Update Jotzey
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\pastaleads
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SearchAssist
Folder Deleted : C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Katy\Application Data\Viewpoint
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\config\pastalea.evt
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\8ed8dab538ef42
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2187784
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
***** [ Browsers ] *****
-\\ Internet Explorer v7.0.6000.21376
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [3892 octets] - [29/01/2015 13:51:21]
AdwCleaner[S0].txt - [3833 octets] - [29/01/2015 13:57:27]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3893 octets] ##########
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 29-01-2015 14:27:47
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 14:27 - 2015-01-29 14:28 - 00015375 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-29 14:27 - 2015-01-29 09:14 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-29 14:05 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:49 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:30 - 2015-01-29 13:30 - 00002468 _____ () C:\Documents and Settings\Katy\Desktop\fixlist.txt
2015-01-29 13:26 - 2015-01-29 13:26 - 00006900 _____ () C:\Documents and Settings\Katy\Desktop\OCD Atuziinstructions Thursday 1 29 15.txt
2015-01-29 13:24 - 2015-01-29 13:25 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-29 13:24 - 2015-01-29 13:24 - 00000294 _____ () C:\Documents and Settings\Katy\Desktop\did you set this proxy.txt
2015-01-28 21:34 - 2015-01-29 14:27 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-29 14:28 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-29 14:25 - 2011-02-22 08:01 - 01387421 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-29 14:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:24 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-29 14:23 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-29 14:23 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-29 14:23 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-29 14:23 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 14:22 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 14:22 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-29 14:01 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-29 09:23 - 2014-07-20 20:09 - 00024978 _____ () C:\WINDOWS\setupact.log
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
==================== Files in the root of some directories =======
2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
http://thisisudax.org/downloads/JRT.exe
JRT.tXT stopped after a few minutes at my startup (which is empty0
Also SPYBOT wouldn't let me close itself; so antivirus was running.
Computer is running verrrrry sloooow.
Katy