AtuZi not completely removed (?)



Katy1
2015-01-27, 21:13
Hello,

I found AtuZi in my program files. (I have a WindowsXP Home Version and Spybot Home Edition). AtuZi did not show in my Add/Remove folder; I deleted the folder myself. Then I removed its keys in my registry. Rebooted. And I get my *first* problem, an endless loop when I go into Spybot and do a C:/ system scan. It stops at 4.7% (with 1371 minutes remaining) OR goes thru to 100% and starts its endless loop again.

I thought it was AtuZi/maybe it is/ but: are there parts of it remaining? I did do a few System Restores and nothing at all happened.

Thank you for your time and attention.

Katy
-------------------------------------------------
Edit
For future reference and others reading. :)
http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29-Updated

OCD
2015-01-27, 21:47
Hi Katy1,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and the loss of all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear".

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:

checkup.txt
aswMBR.txt
attach MBR.zip
FRST.txt
Addition.txt

Katy1
2015-01-28, 20:40
Hi OCD!

I saved your instructions to Notepad.

>>If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.<<

Question: Do I run Security Check first or ALL the tools you gave me at once? (Security Check; aswMBR, etc.)

Many thanks,
Katy

OCD
2015-01-28, 21:03
Hi Katy1,

You run one tool at a time and be sure to save the log/s that are generated. Just follow the list in the order they are presented.
If you run into a problem, skip that step and proceed to the next tool. :bigthumb:

Katy1
2015-01-29, 00:00
Hi OCD,

Uh...my downloads are set to download from my Tools at the top of the page. I don't know how to get downloads to the desktop with Firefox. Duh.

Katy

OCD
2015-01-29, 00:13
Hi Katy,

Your files should be going to your Downloads folder. Locate the Downloads folder, then just drag the program to your Desktop.

If you cannot find the Downloads folder, (or wherever the downloads are being stored) click on the download arrow in your Firefox browser, then right click on the file you want to open and select "Open Containing Folder". This should open the folder where your downloads are saved to.

Katy1
2015-01-29, 14:20
Hi OCD,

I cut/pasted the logs and think (with what you may ask?) I attached the MBR.ZIP; it would not let me drag and drop. :


Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 71
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
.....................................
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-28 20:45:43
-----------------------------
20:45:43.484 OS Version: Windows 5.1.2600 Service Pack 3
20:45:43.484 Number of processors: 1 586 0x409
20:45:43.484 ComputerName: D5TBBCB1 UserName: Katy
20:45:43.859 Initialize success
20:45:43.906 VM: initialized successfully
20:45:43.921 VM: Intel CPU virtualization not supported
20:47:51.718 AVAST engine defs: 15012801
20:50:38.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:50:38.625 Disk 0 Vendor: ST3802110A 3.ADH Size: 76293MB BusType: 3
20:50:38.796 Disk 0 MBR read successfully
20:50:38.796 Disk 0 MBR scan
20:50:38.828 Disk 0 unknown MBR code
20:50:38.828 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:50:38.843 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53968 MB offset 80325
20:50:38.843 Disk 0 default boot code
20:50:38.875 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19053 MB offset 110607525
20:50:38.890 Disk 0 Partition 4 00 DB CP/M / CTOS MSDOS5.0 3223 MB offset 149629410
20:50:38.921 Disk 0 scanning sectors +156232125
20:50:39.640 Disk 0 scanning C:\WINDOWS\system32\drivers
20:50:57.984 Service scanning
20:51:44.140 Modules scanning
20:51:44.140 Disk 0 trace - called modules:
20:51:44.156 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:51:44.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a89aab8]
20:51:44.156 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8dcb00]
20:51:44.437 AVAST engine scan C:\WINDOWS
20:51:58.656 AVAST engine scan C:\WINDOWS\system32
20:55:21.640 AVAST engine scan C:\WINDOWS\system32\drivers
20:55:49.265 AVAST engine scan C:\Documents and Settings\Katy
20:59:13.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Katy\Desktop\MBR.dat"
20:59:13.265 The log file has been saved successfully to "C:\Documents and Settings\Katy\Desktop\aswMBR.txt"
.................

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 28-01-2015 21:35:19
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files\TornTV.com\torn2_10.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [X]
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
U3 aswMBR; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 21:35 - 2015-01-28 21:35 - 00017668 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-28 21:34 - 2015-01-28 21:35 - 00000000 ___DC () C:\FRST
2015-01-28 21:28 - 2015-01-28 21:28 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-28 21:14 - 2015-01-28 21:18 - 02130432 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST64(1).exe
2015-01-28 20:59 - 2015-01-28 20:59 - 00002134 _____ () C:\Documents and Settings\Katy\Desktop\aswMBR.txt
2015-01-28 20:59 - 2015-01-28 20:59 - 00000512 _____ () C:\Documents and Settings\Katy\Desktop\MBR.dat
2015-01-28 20:44 - 2015-01-28 20:44 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
2015-01-28 17:54 - 2015-01-28 17:54 - 00852573 _____ () C:\Documents and Settings\Katy\Desktop\SecurityCheck(3).exe
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 21:35 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-28 21:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-28 20:22 - 2011-02-22 08:01 - 01361484 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-28 20:21 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-28 20:21 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-28 20:20 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-28 20:20 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-28 20:19 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-28 18:17 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-28 18:17 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-28 18:13 - 2014-07-20 20:09 - 00024858 _____ () C:\WINDOWS\setupact.log
2015-01-28 15:20 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed

...................................
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-28 21:36:30
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

aaquotes (HKLM\...\ST5UNST #1) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
ELIcon (Version: 1.00.0000 - Dell) Hidden
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Scrabble (HKLM\...\Scrabble) (Version: - )
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

10-11-2014 22:00:19 System Checkpoint
11-11-2014 13:54:04 Software Distribution Service 3.0
12-11-2014 16:28:15 System Checkpoint
17-11-2014 11:40:28 System Checkpoint
18-11-2014 12:24:30 System Checkpoint
19-11-2014 12:54:30 System Checkpoint
21-11-2014 12:15:22 System Checkpoint
22-11-2014 14:28:39 System Checkpoint
24-11-2014 13:55:59 System Checkpoint
28-11-2014 16:52:19 System Checkpoint
29-11-2014 16:55:48 System Checkpoint
30-11-2014 17:02:35 System Checkpoint
05-12-2014 12:34:47 System Checkpoint
07-12-2014 03:01:58 System Checkpoint
09-12-2014 10:03:13 System Checkpoint
10-12-2014 09:51:25 Software Distribution Service 3.0
15-12-2014 11:19:34 System Checkpoint
17-12-2014 18:45:45 System Checkpoint
19-12-2014 10:27:10 System Checkpoint
21-12-2014 14:34:04 System Checkpoint
22-12-2014 13:51:03 Restore Operation
22-12-2014 13:58:35 Software Distribution Service 3.0
22-12-2014 15:46:26 Restore Operation
26-12-2014 18:52:22 Removed Across Lite
31-12-2014 13:27:45 System Checkpoint
03-01-2015 09:34:01 System Checkpoint
05-01-2015 08:42:34 System Checkpoint
06-01-2015 09:38:57 System Checkpoint
09-01-2015 15:00:45 System Checkpoint
10-01-2015 13:22:58 Installed HP Support Solutions Framework
10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
11-01-2015 10:19:22 Removed HP Software Update
12-01-2015 21:00:19 Installed HP Product Assistant
13-01-2015 20:16:10 Restore Operation
13-01-2015 20:22:04 Software Distribution Service 3.0
14-01-2015 12:51:09 Removed HP Support Solutions Framework
14-01-2015 12:53:52 Removed HP Update.
15-01-2015 09:59:35 Restore Operation
15-01-2015 10:14:15 Software Distribution Service 3.0
17-01-2015 05:06:29 System Checkpoint
18-01-2015 19:42:15 Installed HP Support Solutions Framework
18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
19-01-2015 08:38:01 Restore Operation
19-01-2015 08:51:23 Restore Operation
19-01-2015 09:06:37 Software Distribution Service 3.0
19-01-2015 10:13:08 Restore Operation
20-01-2015 10:58:48 System Checkpoint
20-01-2015 12:28:41 Installed HP Support Solutions Framework
22-01-2015 07:48:36 System Checkpoint
23-01-2015 08:24:59 Restore Operation
23-01-2015 08:49:34 Software Distribution Service 3.0
23-01-2015 10:34:38 Restore Operation
25-01-2015 16:13:08 System Checkpoint
26-01-2015 18:38:05 System Checkpoint
28-01-2015 08:10:41 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2015-01-16 09:32 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\DriverNavigator Scheduled Scan.job => C:\Program Files\Easeware\DriverNavigator\DriverNavigator.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2014-08-12 09:14 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-12 09:14 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-12 09:14 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-12 09:14 - 2012-04-03 16:06 - 00565640 ____C () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2005-10-05 03:12 - 2006-05-03 02:12 - 00098304 ____C () C:\Program Files\Dell\Media Experience\DMXLauncher.exe
2015-01-26 18:24 - 2015-01-26 18:25 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.


System errors:
=============
Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_NIS
SymIRON
SYMTDI

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update neurowise service failed to start due to the following error:
%%3

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Jotzey service failed to start due to the following error:
%%3

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (01/28/2015 08:21:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/28/2015 08:19:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007048f.

Error: (01/28/2015 05:19:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.


Microsoft Office Sessions:
=========================
Error: (01/28/2015 08:27:34 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/28/2015 07:23:34 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/27/2015 09:11:47 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 06:15:06 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 10:53:32 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/26/2015 08:09:27 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 09:02:29 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 03:43:41 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/25/2015 08:47:02 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (01/24/2015 08:01:26 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 2045.98 MB
Available physical RAM: 1124.4 MB
Total Pagefile: 3431.36 MB
Available Pagefile: 2234.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.7 GB) (Free:33.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

==================== End Of Log ============================

OCD
2015-01-29, 17:08
Hi Katy1,

You're doing just fine with posting the logs. :)

Important information regarding Windows XP

Microsoft will no longer offer support for Windows XP beginning on April 8, 2014.

If you are running Windows XP, please take the time to read the information provided at these links.

Windows XP - The Elephant In The Room (http://www.malwareremoval.com/forum/viewtopic.php?p=630064#p630064)
Windows XP - The end of the road (http://techpageone.dell.com/technology/windows-xp-end-road/?dgc=BA&cid=272099&lid=5049884&acd=12309189674467600#.UxUoP4W9Is3)

= = = = = = = = = = = = = = = = = = = =

Did you set this proxy?
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320

= = = = = = = = = = = = = = = = = = = =

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:


Fixlog.txt
AdwCleaner[S0].txt
JRT.txt
new FRST.txt
How is the computer running?
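
Many entries in the fixlist above carry one of FRST's own markers ("No File", "[X]", "File Not found", "<======= ATTENTION"), and the proxy OCD asks about points at localhost. The Python sketch below is an added example, not part of OCD's post and not FRST's own code: it shortlists such lines from an FRST log for a helper to review. The function names and marker patterns are assumptions based on how the lines appear in this thread.

```python
import ipaddress
import re

# Lines copied from the FRST output quoted in this thread.
SAMPLE_LOG = r"""
ProxyEnable: [S-1-5-21-1226216386-1621485569-1288477537-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1226216386-1621485569-1288477537-1006] => localhost:21320
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
"""

# Marker patterns (assumed from the log lines in this thread).
RULES = [
    ("attention", re.compile(r"<=+\s*ATTENTION")),
    ("missing-file", re.compile(
        r"\bNo File\s*$|File Not found|\[X\]\s*$|\[Not Found\]\s*$")),
]
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<sid>[^\]]+)\] => (?P<target>\S+)")


def proxy_hosts(value):
    """Yield (host, port) pairs from an Internet Explorer ProxyServer value.

    Handles both 'host:port' and the per-protocol form
    'http=host:port;https=host:port'.
    """
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        part = part.split("=", 1)[-1]          # drop an optional 'http=' prefix
        part = re.sub(r"^\w+://", "", part)    # drop an optional scheme
        host, _, port = part.rpartition(":")
        if not host:                           # no port was given
            host, port = port, ""
        yield host.strip("[]").lower(), port


def is_loopback(host):
    """True if the proxy host resolves to this machine by name or address."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return (tag, line) pairs for log lines that deserve a human look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = PROXY_RE.match(line)
        if match:
            # A proxy on the local machine means some local program is
            # (or was) meant to sit between the browser and the network.
            if any(is_loopback(h) for h, _ in proxy_hosts(match.group("target"))):
                findings.append(("loopback-proxy", line))
            continue
        for tag, pattern in RULES:
            if pattern.search(line):
                findings.append((tag, line))
                break
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:15} {line}")
```

A marker only shortlists a line for review. The later FRST log in this thread still shows "[X]" lines, such as the Norton definition drivers, that the fixlist did not list.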

Katy1
2015-01-29, 21:17
Hi OCD,

I got lost retrieving Fixlog.txt and then FRST sent me to the Windows XP repair center/McAfee with popups for media player. Many apologies.

AdwCleaner [SO] txt
# AdwCleaner v4.109 - Report created 29/01/2015 at 13:57:27
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Katy - D5TBBCB1
# Running from : C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : AVG Security Toolbar Service
[#] Service Deleted : Update neurowise
[#] Service Deleted : Update Jotzey

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\pastaleads
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\SearchAssist
Folder Deleted : C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Katy\Application Data\Viewpoint
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\config\pastalea.evt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\8ed8dab538ef42
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2187784
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3892 octets] - [29/01/2015 13:51:21]
AdwCleaner[S0].txt - [3833 octets] - [29/01/2015 13:57:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3893 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 29-01-2015 14:27:47
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:27 - 2015-01-29 14:28 - 00015375 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-29 14:27 - 2015-01-29 09:14 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-29 14:05 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:49 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:30 - 2015-01-29 13:30 - 00002468 _____ () C:\Documents and Settings\Katy\Desktop\fixlist.txt
2015-01-29 13:26 - 2015-01-29 13:26 - 00006900 _____ () C:\Documents and Settings\Katy\Desktop\OCD Atuziinstructions Thursday 1 29 15.txt
2015-01-29 13:24 - 2015-01-29 13:25 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-29 13:24 - 2015-01-29 13:24 - 00000294 _____ () C:\Documents and Settings\Katy\Desktop\did you set this proxy.txt
2015-01-28 21:34 - 2015-01-29 14:27 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:28 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-29 14:25 - 2011-02-22 08:01 - 01387421 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-29 14:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:24 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-29 14:23 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-29 14:23 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-29 14:23 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-29 14:23 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 14:22 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 14:22 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-29 14:01 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-29 09:23 - 2014-07-20 20:09 - 00024978 _____ () C:\WINDOWS\setupact.log
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
http://thisisudax.org/downloads/JRT.exe

JRT.txt stopped after a few minutes at my startup (which is empty).

Also SPYBOT wouldn't let me close itself; so antivirus was running.

Computer is running verrrrry sloooow.

Katy

OCD
2015-01-30, 04:12
Hi Katy1,

You seem to have overlooked the FRST script from my previous post. Please run the script again as outlined above (or if you can, locate the log), then run a new FRST scan.

In your next post provide:
Fixlog.txt
FRST.txt

Katy1
2015-01-30, 13:19
Hi OCD,

Thank you! Here are FRST.txt and Fixlog.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 29-01-2015 14:27:47
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:27 - 2015-01-29 14:28 - 00015375 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-01-29 14:27 - 2015-01-29 09:14 - 01121792 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-29 14:05 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:49 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:30 - 2015-01-29 13:30 - 00002468 _____ () C:\Documents and Settings\Katy\Desktop\fixlist.txt
2015-01-29 13:26 - 2015-01-29 13:26 - 00006900 _____ () C:\Documents and Settings\Katy\Desktop\OCD Atuziinstructions Thursday 1 29 15.txt
2015-01-29 13:24 - 2015-01-29 13:25 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-29 13:24 - 2015-01-29 13:24 - 00000294 _____ () C:\Documents and Settings\Katy\Desktop\did you set this proxy.txt
2015-01-28 21:34 - 2015-01-29 14:27 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-29 14:28 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-29 14:25 - 2011-02-22 08:01 - 01387421 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-29 14:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-29 14:24 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-29 14:23 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-29 14:23 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-29 14:23 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-29 14:23 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-29 14:22 - 2012-08-27 16:05 - 00032360 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-29 14:22 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-29 14:01 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-29 09:23 - 2014-07-20 20:09 - 00024978 _____ () C:\WINDOWS\setupact.log
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-24 08:06 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Winsock: Catalog9 27 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
Winsock: Catalog9 33 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll File Not found ()
S2 Update Jotzey; "C:\Program Files\Jotzey\updateJotzey.exe" [X]
S2 Update neurowise; "C:\Program Files\neurowise\updateneurowise.exe" [X]
EmptyTemp:

OCD
2015-01-30, 16:52
Hi Katy1,

You're welcome. :bigthumb:

Some items from the previous FRST script did not remove the items targeted, so let's run this new script.

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt.



Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

Fixlog.txt

Katy1
2015-01-31, 17:13
Hi OCD,

Thank you....:)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}" => Key deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => value deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => value deleted successfully.
HKCR\CLSID\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
"HKCR\PROTOCOLS\Handler\junomsg" => Key deleted successfully.
HKCR\CLSID\{C4D10830-379D-11d4-9B2D-00C04F1579A5} => Key not found.
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:27:36 ====

OCD
2015-01-31, 17:21
Hi Katy1,

That looks better! :bigthumb:

Re-run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

AdwCleaner[S1].txt
FRST.txt
Any change in performance?

Katy1
2015-01-31, 18:10
Hi OCD,

Here are the logs:

# AdwCleaner v4.109 - Report created 31/01/2015 at 12:02:37
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Katy - D5TBBCB1
# Running from : C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.21376


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3892 octets] - [29/01/2015 13:51:21]
AdwCleaner[R1].txt - [909 octets] - [31/01/2015 11:57:55]
AdwCleaner[S0].txt - [3973 octets] - [29/01/2015 13:57:27]
AdwCleaner[S1].txt - [831 octets] - [31/01/2015 12:02:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [890 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-01-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 12:07:02
Running from C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:57 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-31 11:52 - 2015-01-31 11:52 - 00001911 _____ () C:\Documents and Settings\Katy\Desktop\ocd 1 31 15.txt
2015-01-30 11:17 - 2015-01-30 11:17 - 00003848 _____ () C:\Documents and Settings\Katy\Desktop\ocd fri 1 30 15.txt
2015-01-30 07:21 - 2015-01-30 07:22 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re Atuzi Thur 1 29 15
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:50 - 2015-01-31 12:02 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-29 13:24 - 2015-01-31 12:07 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\OCD re ZtuZiwed 1 28
2015-01-28 21:34 - 2015-01-31 12:07 - 00000000 ___DC () C:\FRST
2015-01-27 20:23 - 2015-01-27 20:26 - 00005663 _____ () C:\Documents and Settings\Katy\Desktop\AtuZi re OCD 1 27 15.txt
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-28 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 12:07 - 2011-02-22 08:01 - 01428669 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-31 12:07 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-31 12:06 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-31 12:05 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-31 12:05 - 2012-08-27 16:05 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-31 12:05 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-31 12:05 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-31 12:04 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-31 12:04 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 12:03 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-31 11:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-31 11:14 - 2014-07-20 20:09 - 00025218 _____ () C:\WINDOWS\setupact.log
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-30 11:25 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-30 07:40 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Katy1
2015-01-31, 18:15
OCD,

Forgot to say computer is running faster. :)
Next step?

Katy

Katy1
2015-02-01, 03:43
Hi OCD,

Sorry I'm so confused. My fault.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms
BHO: No Name -> {e4878b45-e2c0-4307-b6e8-734922f92f5b} -> No File
Toolbar: HKLM - No Name - {e4878b45-e2c0-4307-b6e8-734922f92f5b} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - No File
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}" => Key deleted successfully.
HKCR\CLSID\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4878b45-e2c0-4307-b6e8-734922f92f5b}" => Key deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => value deleted successfully.
HKCR\CLSID\{e4878b45-e2c0-4307-b6e8-734922f92f5b} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => value deleted successfully.
HKCR\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => value deleted successfully.
HKCR\CLSID\{E4878B45-E2C0-4307-B6E8-734922F92F5B} => Key not found.
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
"HKCR\PROTOCOLS\Handler\junomsg" => Key deleted successfully.
HKCR\CLSID\{C4D10830-379D-11d4-9B2D-00C04F1579A5} => Key not found.
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 1 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:27:36 ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Advertising Cookie Opt-out - C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\aucqph31.default-1422302831937\Extensions\optout@google.com.xpi [2015-01-29]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR Profile: C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (No Name) - C:\Documents and Settings\Katy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 11:57 - 2015-01-29 13:49 - 02194432 _____ () C:\Documents and Settings\Katy\Desktop\AdwCleaner.exe
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 14:07 - 2015-01-29 14:08 - 01707939 _____ (Thisisu) C:\Documents and Settings\Katy\Desktop\JRT.exe
2015-01-29 13:50 - 2015-01-31 12:02 - 00000000 ___DC () C:\AdwCleaner
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:34 - 2015-01-31 21:37 - 00000000 ___DC () C:\FRST
2015-01-28 20:44 - 2015-01-28 20:44 - 05198336 _____ (AVAST Software) C:\Documents and Settings\Katy\Desktop\aswMBR.exe
2015-01-28 17:54 - 2015-01-28 17:54 - 00852573 _____ () C:\Documents and Settings\Katy\Desktop\SecurityCheck(3).exe
2015-01-26 18:24 - 2015-01-26 18:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-01-31 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup
2015-01-04 15:36 - 2015-01-04 15:36 - 00003060 ____C () C:\Documents and Settings\Katy\My Documents\nitely review.txt
2015-01-03 14:16 - 2015-01-23 09:31 - 00018944 ____C () C:\Documents and Settings\Katy\Desktop\JANUARY SPENDING RECORD 2015.xls
2015-01-03 09:43 - 2015-01-03 09:43 - 00000040 ____C () C:\Documents and Settings\Katy\My Documents\uncontested.txt
2015-01-03 09:12 - 2015-01-02 10:37 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150103-091215.backup
2015-01-02 10:37 - 2014-12-25 12:40 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150102-103703.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-31 21:37 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-01-31 21:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-31 20:52 - 2014-07-20 20:09 - 00025278 _____ () C:\WINDOWS\setupact.log
2015-01-31 20:50 - 2011-02-22 08:01 - 01433747 ____C () C:\WINDOWS\WindowsUpdate.log
2015-01-31 20:49 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-01-31 20:49 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-01-31 20:49 - 2011-02-22 08:01 - 00000049 ____C () C:\WINDOWS\wiaservc.log
2015-01-31 20:49 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-01-31 20:48 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-01-31 18:35 - 2012-08-27 16:05 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-31 18:35 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-01-31 17:34 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-31 12:03 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-30 11:25 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-01-29 08:44 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-27 09:03 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-25 17:47 - 2008-04-01 07:21 - 00006212 ____C () C:\WINDOWS\wininit.ini
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 20:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-01-24 20:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:33 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-01-23 10:48 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-01-23 10:48 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 13:09 - 2014-10-12 17:25 - 00171562 ____C () C:\WINDOWS\setupapi.log
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-20 09:54 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-01-18 20:14 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-01-03 14:33 - 2011-12-12 08:58 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\D A
2015-01-03 14:18 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-01-03 11:15 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Katy\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

OCD
2015-02-01, 03:45
Hi Katy1,

You seem to be running FRST from multiple locations. In order for FRST to work as designed the program (FRST) and the FRST scripts must be located in the same directory. That is why I asked you to save both the tools and the scripts to your Desktop.

Your last FRST script fix:
Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop

Your last FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads

=========================

You have several Chrome browser extensions that have no name. Do you know what they are? Do you use Chrome?

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).



Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"


Select Scan tab.
Select type of scan to perform:

Threat Scan < --- Select this type of scan
Custom Scan
Hyper Scan


Next click the Scan button.
When the scan is complete, if no malicious items are found you can close the program.
If malicious items are found be sure that everything is checked, and click Quarantine.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
Click Start
Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
Click Scan.
Wait for the scan to finish.
When the scan completes, click List of found threats
click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
Include the contents of this report in your next reply

Note - when ESET doesn't find any threats, no report will be created.
Push the back button.
Push Finish
Re-enable your Antivirus software.

=========================

In your next post please provide the following:


MBAM log
ESET's log.txt
Answers about Chrome.
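The check OCD describes above (one FRST copy, with the tool and its scripts in the same directory) can be done mechanically from the log headers. This is an added example, not part of the original thread and not FRST's own code; the sample text is constructed from the two header blocks quoted in the post, and the `fixlist.txt` paths passed to `script_beside_tool` are assumed for illustration.

```python
import re
from ntpath import dirname, normcase, normpath

# Constructed sample: the two FRST header blocks quoted in the post above.
SAMPLE = r"""
Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-30 11:25:00 Run:1
Running from C:\Documents and Settings\Katy\Desktop

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 31-01-2015 21:37:05
Running from C:\Documents and Settings\Katy\My Documents\Downloads
"""

HEADER_RE = re.compile(r"\bFRST\b.*\bVersion:\s*(\d{2}-\d{2}-\d{4}(?:\s\d{2})?)")
RAN_RE = re.compile(r"^Ran by (.+?)(?: \(administrator\))? (?:at|on) ")
FROM_RE = re.compile(r"^Running from (.+)$")


def canonical_dir(path):
    """Windows paths are case-insensitive; drop trailing separators too."""
    return normcase(normpath(path))


def parse_headers(text):
    """Return one dict per FRST header block found in pasted log text."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.search(line)
        if m:
            kind = "scan" if line.startswith("Scan result") else "fix"
            current = {"kind": kind, "version": m.group(1),
                       "user": None, "directory": None}
            runs.append(current)
            continue
        if current is None:
            continue
        m = RAN_RE.match(line)
        if m:
            current["user"] = m.group(1)
            continue
        m = FROM_RE.match(line)
        if m:
            current["directory"] = m.group(1).strip()
            current = None  # header block is complete
    return runs


def check_consistency(runs):
    """Flag logs produced by different copies of the tool."""
    findings = []
    dirs = {}
    for run in runs:
        if run["directory"]:
            dirs.setdefault(canonical_dir(run["directory"]), run["directory"])
    if len(dirs) > 1:
        findings.append("FRST was run from %d different directories: %s"
                        % (len(dirs), "; ".join(dirs.values())))
    versions = sorted({run["version"] for run in runs})
    if len(versions) > 1:
        findings.append("more than one FRST build in use (versions %s)"
                        % ", ".join(versions))
    return findings


def script_beside_tool(run_directory, script_path):
    """True when a script file sits in the directory the tool ran from."""
    return canonical_dir(dirname(script_path)) == canonical_dir(run_directory)


if __name__ == "__main__":
    for finding in check_consistency(parse_headers(SAMPLE)):
        print("WARNING:", finding)
```
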

Katy1
2015-02-02, 02:15
Hi OCD,

>>You seem to be running FRST from multiple locations. In order for FRST to work as designed the program (FRST) and the FRST scripts must be located in the same directory. That is why I asked you to save both the tools and the scripts to your Desktop.<<

I have been saving each day's message in its own dated file with your instructions on my desktop, then go back into the tools in different files. I thought I was saving time and I'm mucking it up! Not on purpose, please believe me.

Katy1

OCD
2015-02-02, 05:00
Hi Katy1,

You are doing just fine. Remember to save any tools I ask you to run directly to your Desktop. If I provide you with a script, it too must be saved to your Desktop. This is the way the tools are designed, so that the program and the script are in the same directory. We request that you use the Desktop because it is easier to locate the programs and the scripts.

Run the scans previously requested when you can, and post the corresponding logs they generate.

If you have any questions about any of the steps I ask you to run don't hesitate to ask.

Katy1
2015-02-02, 18:22
Hi OCD,

Oh boy.

-Ran Malwarebytes from desktop. Found 6 quarantined items. Did not find any log, searched for MBAM.log in notepad, in computer. nothing.

- Ran ESET smart installer from desktop. Would not let me run; error messages about 'symantec corporation, Norton antivirus 2014': could not find in my add/remove programs.

-Could not disable Spybot for scans.

-Could not run programs in administrative mode; right clicked; didn't work.

-Never used Chrome browser. only Firefox

Katy

OCD
2015-02-02, 18:53
Hi Katy1,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Chrome

=========================


Could not run programs in administrative mode; right clicked; didn't work.


Can you explain in more detail?
What options (if any) were you presented with when you right clicked?
Do you have Administrator Privileges on the computer?


=========================

Reboot

=========================


Could not disable Spybot for scans

Try these steps:

Disable Spybot Search & Destroy (temporarily)

Launch Spybot S & D
Select Mode in the top menu bar, select Advanced
Select the Tools sub menu on the left
Select the Resident from the left hand menu
Remove the check marks from both options in the right hand menu under "Resident Protection Status"
Exit Spybot

=========================

Try this other online scanner.

TrendMicro HouseCall Online Scanner

Go to http://housecall.trendmicro.com/
Download HouseCall - Free Online Scanner
Select get HouseCall Now, save the file to your computer.
Double-click to launch HouseCall
Click Yes for the UAC
Click the Scan Now button
Fix any problems found
Copy and paste the results in your next reply

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Select the Addition box
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It will also make (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

Housecall results
FRST.txt
Addition.txt
How is the computer running?

Katy1
2015-02-02, 19:55
Hi OCD,

Not sure if you got my last post so I'll repeat.

-could not delete Chrome from Control Panel or Add/Remove programs so deleted it thru registry.

-could not right click on programs. They just 'hung' there. I do have administrators privileges.

- Opened Spybot Search and Destroy and clicked Advanced mode, went to Tools, and there is no 'Resident' option. I have Home version.

-I will go to Trend Micro House Calls then to Farber....

You are a saint to stick with me all this time and I thank you very much. :)

Katy

Katy1
2015-02-02, 20:57
Hi OCD,

-Ran Trend Micro House Call; 'No Threats found'.

-rebooted

- tried to rerun Farber and was sent to OCD-WTT Bucket;

got a blank screen with a little bullseye in the middle and a popup to run Media Player;

then a screen for Windows PC Repair.

Computer running slooooow.

Katy

OCD
2015-02-03, 05:34
Hi Katy1,


could not delete Chrome from Control Panel or Add/Remove programs so deleted it thru registry.

It is very important that during the malware removal process you do not take any cleaning steps unless I specifically ask you to do so. I can't stress strongly enough that you do not edit the Registry in any manner. Doing so can render your computer un-bootable, and may be the cause of some of the issues you are experiencing.


could not right click on programs. They just 'hung' there. I do have administrators privileges.

When you right click on the executable file, do you get an expanded menu of options?
If so, what are the menu options?


Opened Spybot Search and Destroy and clicked Advanced mode, went to Tools, and there is no 'Resident' option. I have Home version.

Try the instructions provided here >> http://www.safer-networking.org/faq/how-to-disable-spybot-sd-temporarily/


- tried to rerun Farber and was sent to OCD-WTT Bucket;

got a blank screen with a little bullseye in the middle and a popup to run Media Player;

then a screen for Windows PC Repair.

I'm a bit confused as to why you are experiencing these issues.

=========================

System File Checker (SFC)

Click on the Start button and in the Search programs and files box type the following:


command


Don't press Enter, just let the search results populate above.
In the search results, locate the Programs section.
Locate the Command Prompt shortcut and right-click on it.
Select Run as administrator.
Click Yes on the User Account Control window that appears.
Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 (http://pcsupport.about.com/gi/o.htm?zi=1/XJ&zTi=1&sdn=pcsupport&cdn=compute&tm=8&f=11&su=p284.13.342.ip_p504.6.342.ip_&tt=2&bt=0&bts=0&zu=http%3A//windows.microsoft.com/en-us/windows7/turn-user-account-control-on-or-off) for more information.
An elevated Command Prompt window will appear.


Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter


Let the check run to completion. DO NOT reboot the PC or close the cmd window.
Copy & Paste the following command at the Command Prompt and press Enter:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
Copy and Paste the contents of the file into your next post.
After the scan runs type exit to close the command prompt window

=========================

In your next post please provide the following:

sfcdetails.txt

Katy1
2015-02-03, 15:39
Hi OCD,

-followed instruction you provided on Spybot; it did not show a 'resident' listing in Advanced mode, tools.

- when I right clicked on executable files I got nothing; no listings, nada.

- System file checker sent me to bullseye_zpsect36, where I got OCD-WTT bucket list, media player popup, etc. :(

Thank you,

katy

OCD
2015-02-03, 19:32
Hi Katy,

Please read the instructions all the way through before beginning so you are familiar with the steps you are about to take. You can even print them out for easier reference.


System file checker sent me to bullseye_zpsect36, where I got OCD-WTT bucket list, media player popup, etc. :(

If I am not mistaken, I think you are clicking on this image http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif (http://s1269.photobucket.com/user/OCD-WTT/media/bullseye_zpse9eaf36e.gif.html) and trying to proceed from there. That little "bulls-eye" is just a marker for each new step, not a click-able link for that step.


when I right clicked on executable files I got nothing; no listings, nada.

When you right click on an executable file you should see a menu similar to this?

http://i1269.photobucket.com/albums/jj590/OCD-WTT/RightClickMenuOptions_zps420423d4.gif (http://s1269.photobucket.com/user/OCD-WTT/media/RightClickMenuOptions_zps420423d4.gif.html)

Pick any desktop icon and try it. Your menu may be different, but does it include Run as Administrator?

Please also retry the System File Checker from my previous post again. Don't worry about disabling Spybot for now.

Katy1
2015-02-03, 20:30
Hi OCD,

you're right, I was clicking on the 'bullseye'.

I do read all the instructions all the way thru but I didn't want/don't want to make mistakes so I was copying every message each day. oh boy. doh!

I right clicked on icons on my desktop and never get run as administrator or the menu you provided as an example.

I will reload system file checker. thanks.

Katy

Katy1
2015-02-03, 20:38
can't get back to where I was to download system file checker. I googled it and got Microsoft sites for techies. (?)

OCD
2015-02-04, 05:24
Hi Katy1,

Let's try a different approach to System File Checker.

Download Tweaking.com Windows Repair from here (http://www.bleepingcomputer.com/download/windows-repair-all-in-one/) or here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe) and save it to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

=========================

Click on Step 4 Optional

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Tweeking/TweekingcomStep4SFC_zpsb22b559a.gif (http://s1269.photobucket.com/user/OCD-WTT/media/Tweeking/TweekingcomStep4SFC_zpsb22b559a.gif.html)

Locate the Do It button as indicated in the image.

Let the scan complete and post the results after the scan has finished

In your next post please provide the following:

SFC Scan results

Katy1
2015-02-05, 14:38
Hi OCD,

Having terrible problems. Again I right clicked on Tweaking.com, run as, and there were no options. I ran DOIT and could not find the SFC Scan results file. I am trying again now.

Yesterday I got all sorts of malware, which I finally deleted from add/remove programs:GAMESDESKTOP, VOPackage, Techgile, windows registry cleaner (?)BetterDeals, CinemaP.19cVO4oa, /ContentExplorer,ConvertAd,IGSmugscm /renite/desjtio/access(VuuPC)SmartWeb,SoftwareWatcher,WebCompanion/AdAware (ad awares good!!!), WinCheck,WordProsprl.m.0.6,....I'm grateful and surprised i got back here. I deleted and reinstalled spybot also.

On to Tweaking again

Best,
Katy

Katy1
2015-02-05, 14:45
OCD,

Yes, I forgot. I don't have a windows CD but ran Tweaking anyway; I have MicrosoftOffice CDs that I reinstalled and they weren't helpful. And all the aforementioned malware got in. ahh...what now (besides hanging myself!) lol

Katy

AtuZi be damned ;(

OCD
2015-02-05, 17:02
Hi Katy1,

Please refer back to my instructions in post #2, and repeated again in post #25

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

It is very important that you stop removing any software on your own. If you contract additional malware, let me know. Making changes to your system without my supervision will only delay the cleaning process. Also, if it happens it will be reflected in a subsequent scan.

=========================

Did the Tweaking SFC scan run to completion? If so, don't worry about the log.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Select the Addition box
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It will also make (Addition.txt). Please attach it to your reply

=========================

In your next post please provide the following:

FRST.txt
Addition.txt

Katy1
2015-02-05, 19:35
Hi OCD! :)

Yes, Tweaking SFC did run thru.

ran Farber. Attaching FRST.txt and Addition.txt

Thankkkkkk you.
Katy
............Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 05-02-2015 13:31:28
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\RunOnce: [Adobe Speed Launcher] => 1423159303
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\rwde3gyy.default-1423158602250
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 serverjo; C:\Documents and Settings\Katy\Application Data\VOPackage\JOSrv.exe [X]
S2 womufoji; C:\Documents and Settings\Katy\Application Data\VOPackage\nsx96.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 13:31 - 2015-02-05 13:31 - 00014240 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-02-05 13:31 - 2015-02-05 13:31 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\FRST-OlderVersion
2015-02-05 12:38 - 2015-02-05 12:38 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Old Firefox Data
2015-02-05 08:39 - 2015-02-05 08:39 - 00001812 _____ () C:\Documents and Settings\Katy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Program Files\Programs\Tweaking.com
2015-02-05 08:28 - 2015-02-05 08:28 - 10318832 _____ () C:\Documents and Settings\Katy\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-02-04 19:20 - 2015-02-05 13:09 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-04 19:19 - 2015-02-04 19:19 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-04 19:19 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-02-04 19:16 - 2015-02-04 19:16 - 00004512 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2015-02-04 19:16 - 2015-02-04 19:16 - 00002400 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-04 19:16 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2015-02-04 18:58 - 2015-02-05 13:30 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\ocd atuzi tools
2015-02-04 12:48 - 2015-02-05 13:31 - 00000000 ____D () C:\FRST
2015-02-04 12:48 - 2015-02-04 12:48 - 00000000 ____D () C:\AdwCleaner
2015-02-04 12:29 - 2015-02-04 12:29 - 00000415 _____ () C:\WINDOWS\WINNT32.LOG
2015-02-04 12:17 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD62D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00041029 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD647.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00036937 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD644.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00029760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00028288 _____ () C:\WINDOWS\system32\dllcache\xjis.nls
2015-02-04 12:17 - 2004-08-04 05:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD630.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00004677 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64A.tmp
2015-02-04 12:16 - 2004-08-04 05:00 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD623.tmp
2015-02-04 12:15 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5E5.tmp
2015-02-04 12:15 - 2004-08-04 05:00 - 00032339 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5DF.tmp
2015-02-04 12:11 - 2008-04-13 19:12 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD573.tmp
2015-02-04 12:11 - 2004-08-04 05:00 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD561.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 02178131 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD519.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00066113 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD516.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51C.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00753236 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CC.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00048706 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C9.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00042574 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CF.tmp
2015-02-04 12:06 - 2008-04-13 19:12 - 00281088 ____C (Cinematronics) C:\WINDOWS\system32\dllcache\OLD486.tmp
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prcp.nls
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prc.nls
2015-02-04 12:04 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43B.tmp
2015-02-04 12:02 - 2009-12-16 13:43 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3FC.tmp
2015-02-04 12:02 - 2004-08-04 05:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3F3.tmp
2015-02-04 12:00 - 2004-08-04 05:00 - 00047066 _____ () C:\WINDOWS\system32\dllcache\ksc.nls
2015-02-04 11:57 - 2004-08-04 05:00 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30C.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD309.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30F.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2D8.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2C3.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2B2.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2AF.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD26B.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD268.tmp
2015-02-04 11:52 - 2008-04-13 19:12 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A2.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1AB.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD186.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A8.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD17D.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD189.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD183.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD7.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00195618 _____ () C:\WINDOWS\system32\dllcache\c_10002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00189986 _____ () C:\WINDOWS\system32\dllcache\c_1361.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00187938 _____ () C:\WINDOWS\system32\dllcache\c_20005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00186402 _____ () C:\WINDOWS\system32\dllcache\c_20001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00185378 _____ () C:\WINDOWS\system32\dllcache\c_20003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180770 _____ () C:\WINDOWS\system32\dllcache\c_20932.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20000.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_20949.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_10003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20936.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_10008.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00162850 _____ () C:\WINDOWS\system32\dllcache\c_10001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD14E.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD4.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082172 _____ () C:\WINDOWS\system32\dllcache\bopomofo.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066728 _____ () C:\WINDOWS\system32\dllcache\big5.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_864.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_862.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_858.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_720.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_870.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_708.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_28596.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21027.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21025.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20924.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20880.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20871.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20838.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20833.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20424.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20423.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20420.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20297.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20290.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20285.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20284.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20280.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20278.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20277.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20273.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20269.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20108.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20107.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20106.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20105.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1149.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1148.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1147.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1146.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1145.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1144.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1143.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1142.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1141.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1140.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1047.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDDA.tmp
2015-02-04 11:49 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51.tmp
2015-02-03 11:24 - 2015-02-03 11:24 - 00017025 _____ () C:\Documents and Settings\Katy\Desktop\stoicism nyt 2 2 15.txt
2015-02-03 11:15 - 2015-02-03 11:20 - 00000092 _____ () C:\Documents and Settings\Katy\Desktop\stoic.txt
2015-02-02 14:32 - 2015-02-02 14:32 - 00170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 00150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2015-02-02 13:56 - 2015-02-02 13:56 - 00000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache
2015-02-02 10:44 - 2015-02-02 10:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-01 20:09 - 2015-02-03 09:09 - 00018944 _____ () C:\Documents and Settings\Katy\Desktop\FEBRUARY SPENDING RECORD 2015.xls
2015-02-01 15:38 - 2015-01-16 09:32 - 00450775 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150201-153831.backup
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:28 - 2015-02-05 13:31 - 01123328 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-26 18:24 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-02-02 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 13:31 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-02-05 13:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 13:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 13:08 - 2011-02-22 08:01 - 01611824 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-05 13:04 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-02-05 13:04 - 2011-02-22 08:01 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2015-02-05 13:01 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-05 13:01 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 13:00 - 2014-08-13 18:38 - 00065536 ____C () C:\WINDOWS\system32\config\SpybotSD.evt
2015-02-05 13:00 - 2012-08-27 16:05 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-05 13:00 - 2011-11-18 19:18 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-02-05 13:00 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-02-05 12:56 - 2011-01-13 16:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-02-05 12:56 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-02-05 10:00 - 2014-07-20 20:09 - 00026583 _____ () C:\WINDOWS\setupact.log
2015-02-05 08:59 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-02-05 08:59 - 2012-01-11 21:34 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\FUN
2015-02-05 08:59 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
2015-02-05 07:18 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-02-04 20:50 - 2008-04-01 07:21 - 00006848 ____C () C:\WINDOWS\wininit.ini
2015-02-04 20:34 - 2014-02-21 15:08 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-02-04 19:45 - 2014-08-12 09:15 - 00131072 ____C () C:\WINDOWS\system32\config\Spybot -.evt
2015-02-04 19:43 - 2014-07-30 18:48 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Adobe
2015-02-04 19:41 - 2014-07-30 18:43 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-04 19:40 - 2006-08-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-04 19:28 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-04 18:59 - 2014-02-24 10:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-04 18:58 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Google
2015-02-04 12:57 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-02-04 12:49 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-04 12:49 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-04 12:45 - 2011-12-10 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-02-04 12:39 - 2014-10-12 17:25 - 00173971 ____C () C:\WINDOWS\setupapi.log
2015-02-04 12:37 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-02-04 12:36 - 2011-11-23 14:56 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2015-02-04 12:36 - 2004-08-10 12:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-04 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Media
2015-02-04 12:35 - 2006-08-05 18:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-04 12:34 - 2004-08-10 13:04 - 00000000 ____D () C:\Program Files\microsoft frontpage
2015-02-04 12:34 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\system
2015-02-04 12:29 - 2011-12-05 09:57 - 00000853 ____C () C:\WINDOWS\DHCPUPG.LOG
2015-02-04 09:29 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 10:38 - 2011-12-21 12:30 - 00000000 ___DC () C:\8fd3818fadf89c2779d8860803ef0cab
2015-02-03 08:58 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-02 10:42 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Help
2015-02-01 14:24 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-31 17:34 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-02-04 19:42 - 2015-02-04 19:42 - 1513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-02-04 19:41 - 2015-02-04 19:41 - 2002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-02-02 14:32 - 2015-02-02 14:32 - 0170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 0150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
2015-02-02 13:56 - 2015-02-02 13:56 - 0000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\8594.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015 01
Ran by Katy at 2015-02-05 13:32:49
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

aaquotes (HKLM\...\ST5UNST #1) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
ELIcon (Version: 1.00.0000 - Dell) Hidden
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Scrabble (HKLM\...\Scrabble) (Version: - )
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

07-12-2014 03:01:58 System Checkpoint
09-12-2014 10:03:13 System Checkpoint
10-12-2014 09:51:25 Software Distribution Service 3.0
15-12-2014 11:19:34 System Checkpoint
17-12-2014 18:45:45 System Checkpoint
19-12-2014 10:27:10 System Checkpoint
21-12-2014 14:34:04 System Checkpoint
22-12-2014 13:51:03 Restore Operation
22-12-2014 13:58:35 Software Distribution Service 3.0
22-12-2014 15:46:26 Restore Operation
26-12-2014 18:52:22 Removed Across Lite
31-12-2014 13:27:45 System Checkpoint
03-01-2015 09:34:01 System Checkpoint
05-01-2015 08:42:34 System Checkpoint
06-01-2015 09:38:57 System Checkpoint
09-01-2015 15:00:45 System Checkpoint
10-01-2015 13:22:58 Installed HP Support Solutions Framework
10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
11-01-2015 10:19:22 Removed HP Software Update
12-01-2015 21:00:19 Installed HP Product Assistant
13-01-2015 20:16:10 Restore Operation
13-01-2015 20:22:04 Software Distribution Service 3.0
14-01-2015 12:51:09 Removed HP Support Solutions Framework
14-01-2015 12:53:52 Removed HP Update.
15-01-2015 09:59:35 Restore Operation
15-01-2015 10:14:15 Software Distribution Service 3.0
17-01-2015 05:06:29 System Checkpoint
18-01-2015 19:42:15 Installed HP Support Solutions Framework
18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
19-01-2015 08:38:01 Restore Operation
19-01-2015 08:51:23 Restore Operation
19-01-2015 09:06:37 Software Distribution Service 3.0
19-01-2015 10:13:08 Restore Operation
20-01-2015 10:58:48 System Checkpoint
20-01-2015 12:28:41 Installed HP Support Solutions Framework
22-01-2015 07:48:36 System Checkpoint
23-01-2015 08:24:59 Restore Operation
23-01-2015 08:49:34 Software Distribution Service 3.0
23-01-2015 10:34:38 Restore Operation
25-01-2015 16:13:08 System Checkpoint
26-01-2015 18:38:05 System Checkpoint
28-01-2015 08:10:41 System Checkpoint
29-01-2015 09:41:49 System Checkpoint
31-01-2015 21:26:22 System Checkpoint
02-02-2015 05:55:58 System Checkpoint
04-02-2015 11:26:21 System Checkpoint
04-02-2015 12:35:08 Installed Microsoft Office 2000 Professional
04-02-2015 12:44:38 Restore Operation
04-02-2015 13:27:59 avast! antivirus system restore point
04-02-2015 18:10:51 avast! antivirus system restore point
04-02-2015 18:21:41 Restore Operation
04-02-2015 18:25:35 Restore Operation
04-02-2015 18:30:26 Restore Operation
04-02-2015 18:36:50 Restore Operation
04-02-2015 18:44:03 Restore Operation
04-02-2015 18:48:52 Restore Operation
04-02-2015 18:55:33 Restore Operation
04-02-2015 19:01:06 Restore Operation
04-02-2015 19:07:03 Restore Operation
04-02-2015 19:15:28 LavasoftWeCompanion
04-02-2015 20:30:31 LavasoftWeCompanion

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2015-02-01 15:38 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SHGGIKJF.job => C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Katy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gentlemjmp_ieeuu.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog


Details:
0xc0041801 (0xc0041801)

Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)


System errors:
=============
Error: (02/05/2015 01:24:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007048f.

Error: (02/05/2015 01:08:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_NIS
SymIRON
SYMTDI
wpnfd_1_10_0_6

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Start Menu Video Camera service failed to start due to the following error:
%%2

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The JO Service component service failed to start due to the following error:
%%2

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gentlemjmp_ieeuu.tmp51.52.0.0hungapp0.0.0.000000000

Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.5500mozalloc.dll35.0.1.550000001425

Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)
Search.TripoliIndexer

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
0xc0041801 (0xc0041801)

Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 30%
Total physical RAM: 2045.98 MB
Available physical RAM: 1423.86 MB
Total Pagefile: 3431.36 MB
Available Pagefile: 2921.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.7 GB) (Free:31.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

==================== End Of Log ============================

OCD
2015-02-06, 04:21
Hi Katy1,

As you are well aware, you are running an outdated operating system (Windows XP). You also have an older computer with a slower processor (2.53GHz) and a minimal amount of RAM: 2045.98 MB (Random Access Memory). These are the primary factors that are contributing to the slowness of your computer.

If it is in your budget, a new computer would be your best avenue to take. If it's not, then if your computer's RAM can be expanded you could always add some new RAM modules, which are rather affordable these days. If you would like some additional information on this, let me know.

You also stated that you do not have the Windows XP installation disks, correct?

=========================

Multiple Anti-Virus Programs Installed

I notice that you have both AVG Anti-Virus Free and Norton Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either AVG Anti-Virus Free or Norton Internet Security (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
CloseProcesses:
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
new FRST.txt
Any change in performance?

Katy1
2015-02-06, 13:37
Hi OCD, :)

- No I do not have XP installation disks.

- AVG and Norton are not in my Add/Remove files. AVG gave me a lot of problems years ago and I thought I deleted it; same with Norton. I thought Norton was supplanted by PC Tools and later Spybot (?)

- FRST Fix script. Won't let me cut/paste the text of the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O)'.

I'll stop and wait for next instruction.

Katy

OCD
2015-02-06, 19:31
Hi Katy1,

Below are parts of the Security Check and FRST - addition.txt logs. I have highlighted the security software that you currently have installed on your machine. Just because the programs don't show in your Add/Remove program menu doesn't necessarily mean they aren't still present on your computer.

These show that you have Windows Firewall disabled, AVG Anti-virus disabled, Norton Anti-virus disabled and Norton Firewall disabled. And for general information SpyBot does not contain an anti-virus component unless you have the paid version.

Are these all disabled because you were running the scan or do you no longer use them?


Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 71
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

=========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-28 21:36:30
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}


=========================

Please re-enable the Windows Firewall now.

Enable Windows Firewall in XP


Click Start, click Run, type Firewall.cpl, and then click OK.
On the General tab, click On (recommended).
Click OK.

=========================

Next, install a Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

=========================


FRST Fix script. Won't let me cut/paste text the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O).

You have done this step before, have you changed how you do it?

Try this:

Open Notepad. Navigate to the FRST script I posted for you.
Next, in the "code box" above Left click the word "Start" and hold the mouse button down.
Drag the mouse down the text (within the code box) until you get to the word "End", release the mouse button.
All the text should now be highlighted.
Right click the highlighted text and choose "Copy"
Go to the open Notepad window, right click anywhere in the "white space" and choose "Paste"
Now save that Notepad file as "fixlist.txt" to your Desktop and follow the remainder of the instructions to process the FRST script fix.

=========================

In your next post please provide the following:

Fixlog.txt
new FRST.txt
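
The Security Center excerpt quoted in the post above, checked in code, as an added example that is not part of the original thread: it parses the AV:/FW: lines and flags overlapping or disabled products and registrations whose name is missing from an Add/Remove list. The Add/Remove list is a constructed sample and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the Security Center section quoted in the post above.
SECURITY_CENTER_LINES = """\
AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
"""

# Constructed sample of what Add/Remove Programs might list on such a machine.
ADD_REMOVE_SAMPLE = [
    "Spybot - Search & Destroy",
    "Mozilla Firefox (35.0.1)",
    "Adobe Reader XI",
]

# "<kind>: <product name> (<state>[ - <definitions status>]) {<GUID>}"
# The name is matched lazily so product names containing parentheses still parse.
ENTRY_RE = re.compile(
    r"^(?P<kind>AV|FW):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)(?:\s+-\s+(?P<defs>[^)]+))?\)\s+"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\})\s*$"
)


@dataclass(frozen=True)
class Registration:
    kind: str                   # "AV" or "FW"
    name: str                   # product name as registered
    enabled: bool               # state reported to Security Center
    definitions: Optional[str]  # e.g. "Up to date"; absent on FW lines
    guid: str


def parse_security_center(text: str) -> List[Registration]:
    """Return one Registration per well-formed AV:/FW: line; skip other lines."""
    regs = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            regs.append(Registration(
                kind=m["kind"],
                name=m["name"],
                enabled=(m["state"] == "Enabled"),
                definitions=m["defs"],
                guid=m["guid"].upper(),
            ))
    return regs


def assess(regs: List[Registration], add_remove_names: List[str]) -> List[str]:
    """Turn parsed registrations into the findings a helper would raise."""
    findings = []
    av = [r for r in regs if r.kind == "AV"]
    fw = [r for r in regs if r.kind == "FW"]

    av_names = sorted({r.name for r in av})
    if len(av_names) > 1:
        findings.append(
            "multiple antivirus products registered: " + ", ".join(av_names))
    if av and not any(r.enabled for r in av):
        findings.append("no registered antivirus is enabled")
    if fw and not any(r.enabled for r in fw):
        findings.append("no registered firewall is enabled")

    # A registration with no matching Add/Remove entry suggests leftovers
    # from an incomplete uninstall (services, drivers, registry entries).
    listed = [entry.lower() for entry in add_remove_names]
    for name in sorted({r.name for r in regs}):
        if not any(name.lower() in entry for entry in listed):
            findings.append("registered but not in Add/Remove list: " + name)
    return findings


if __name__ == "__main__":
    for finding in assess(parse_security_center(SECURITY_CENTER_LINES),
                          ADD_REMOVE_SAMPLE):
        print("-", finding)
```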

Katy1
2015-02-06, 21:08
Hi OCD,

-I don't know why the antiviruses are on my machine. I only use Spybot paid home version with antivirus.

-Enabled windows firewall. Thank you!

- did not download a free antivirus because I use Spybots.

- (lol) I don't understand why I can't highlight the code you sent; I did it before of course, but it won't let me now. Tried repeatedly. Nada.

Next? Thank you.

Katy

OCD
2015-02-06, 21:28
Hi Katy1,

This has to do with some application that's having a lock over the Windows
Clipboard. David Candy's application should determine the Process that's
causing the problem.

Download GetOpenClipboardWindow.zip from here:
http://windowsxp.mvps.org/temp/GetOp...oardWindow.zip

Unzip and run the tool. Post back what it reports. For best results, run
this utility during the time you encounter the Copy<=>Paste problem.

=========================

NEW STEPS ADDED TO INITIAL POST

=========================

We are encountering a lot of issues that we shouldn't be. Let's try and repair some of those issues so we can complete our other tasks easier.

Save these instructions to WordPad/Notepad or print them out; while some of the fix will have to be done in Safe Mode, this page will not be available for you to follow.

Reboot Windows XP in Safe Mode w/ Networking

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode w/ Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode w/ Networking.


=========================

I previously had you download Tweaking All in One; please open the program again.

Locate the Repairs tab

http://i1269.photobucket.com/albums/jj590/OCD-WTT/KatyRepair_zps199c1b98.gif (http://s1269.photobucket.com/user/OCD-WTT/media/KatyRepair_zps199c1b98.gif.html)

Next click Open Repairs

http://i1269.photobucket.com/albums/jj590/OCD-WTT/KatyRepair2_zpsa1c68b1d.gif (http://s1269.photobucket.com/user/OCD-WTT/media/KatyRepair2_zpsa1c68b1d.gif.html)

Select only the options as outlined in the image. Others may be selected by default

http://i1269.photobucket.com/albums/jj590/OCD-WTT/KatyTweaking_zpsacb7a1ce.gif (http://s1269.photobucket.com/user/OCD-WTT/media/KatyTweaking_zpsacb7a1ce.gif.html)

=========================

Reboot into Normal Mode

=========================

Your hard drive is severely fragmented.

Run the Windows Defrag Tool now.

Open My Computer.
Right-click the local disk volume that you want to defragment, and then click Properties.
On the Tools tab, click Defragment Now.
Click Defragment.


=========================

Reboot when it has completed.

=========================

After the above steps have completed go back to post #36 http://forums.spybot.info/showthread.php?71932-AtuZi-not-completely-removed-(-)&p=461837&viewfull=1#post461837 and complete the tasks requested

Katy1
2015-02-07, 00:23
Hi OCD, :)

I tried to get David Candy's clipboard application and got this error message:

"404 - file or directory not found. "

(In the box below that sentence)
"The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable."

I did copy NEW STEPS ADDED TO INITIAL POST.

Thank you,

Katy

Katy1
2015-02-07, 00:55
OCD,

Tried again to get David Candy's application. :(

Shall I proceed to the Next Steps you outlined?

Thanks so much. Wish I could be more help.

Katy

OCD
2015-02-07, 07:51
Hi Katy1,

Try this link > http://windowsxp.mvps.org/temp/GetOpenClipboardWindow.zip

Then proceed with the steps from post # 36

Katy1
2015-02-07, 16:54
Hi OCD!


Scan result of Farbar Recovery Scan Tool

(FRST) (x86) Version: 07-02-2015
Ran by Katy (administrator) on D5TBBCB1

on 07-02-2015 10:44:56
Running from C:\Documents and

Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles:

Katy)
Platform: Microsoft Windows XP Home

Edition Service Pack 3 (X86) OS Language:

English (United States)
Internet Explorer Version 7 (Default browser:

FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

http://www.geekstogo.com/forum/topic/33508

1-frst-tutorial-how-to-use-farbar-recovery-scan

-tool/

==================== Processes

(Whitelisted) =================

(If an entry is included in the fixlist, the

process will be closed. The file will not be

moved.)

(Microsoft Corporation)

C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program

Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program

Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program

Files\Spybot - Search & Destroy

2\SDFSSvc.exe
() C:\Program Files\Dell\Media

Experience\DMXLauncher.exe
(Intel Corporation)

C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program

Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions)

C:\WINDOWS\system32\DLA\DLACTRLW.

EXE
(Oracle Corporation) C:\Program

Files\Common Files\Java\Java

Update\jusched.exe
(Safer-Networking Ltd.) C:\Program

Files\Spybot - Search & Destroy

2\SDTray.exe
(Macrovision Corporation) C:\Program

Files\Common

Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation)

C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation)

C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation)

C:\WINDOWS\system32\fxssvc.exe
(Safer-Networking Ltd.) C:\Program

Files\Spybot - Search & Destroy

2\SDUpdSvc.exe
(Microsoft Corporation)

C:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla

Firefox\firefox.exe
(WinZip Computing, Inc.)

C:\PROGRA~1\WINZIP\WINZIP32.EXE


==================== Registry

(Whitelisted) ==================

(If an entry is included in the fixlist, the registry

item will be restored to default or removed.

The file will not be moved.)

HKLM\...\Run: [DMXLauncher] =>

C:\Program Files\Dell\Media

Experience\DMXLauncher.exe [98304

2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] =>

C:\WINDOWS\system32\hkcmd.exe [77824

2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] =>

C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] =>

"c:\Program Files\Common

Files\InstallShield\UpdateService\isuspm.exe"

-startup
HKLM\...\Run: [SoundMAXPnP] =>

C:\Program Files\Analog

Devices\Core\smax4pnp.exe [1404928

2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] =>

C:\WINDOWS\System32\DLA\DLACTRLW.

EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program

Files\Common

Files\Adobe\ARM\1.0\AdobeARM.exe

[1021128 2014-12-03] (Adobe Systems

Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] =>

C:\Program Files\Common Files\Java\Java

Update\jusched.exe [271744 2014-09-26]

(Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program

Files\Spybot - Search & Destroy

2\SDTray.exe [5624784 2013-07-25]

(Safer-Networking Ltd.)
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] =>

C:\Documents and Settings\Katy\Local

Settings\Application

Data\gmsd_us_178\upgmsd_us_178.exe

-runhelper
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon:

SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\...\Run: [ISUSScheduler] =>

C:\Program Files\Common

Files\InstallShield\UpdateService\issch.exe

[79136 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\...\Run: [Web Companion] =>

C:\Program Files\Lavasoft\Web

Companion\Application\WebCompanion.exe

--minimize
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\...\RunOnce: [Adobe Speed

Launcher] => 1423322036
ShellIconOverlayIdentifiers: [00avast] ->

{472083B0-C522-11CF-8763-00608CC02F24

} => No File
BootExecute: autocheck autochk /r

\??\C:autocheck autochk *

==================== Internet

(Whitelisted) ====================

(If an item is included in the fixlist, if it is a

registry item it will be removed or restored to

default.)

HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

https://www.yahoo.com?fr=hp-avast&type=av

astbcl
HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =

%SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\Software\Microsoft\Internet

Explorer\Main,Search Page =

https://search.yahoo.com/yhs/search?type=ava

stbcl&hspart=avast&hsimp=yhs-001&p={sear

chTerms}
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\Software\Microsoft\Internet

Explorer\Main,Search Bar =

https://www.yahoo.com?fr=hp-avast&type=av

astbcl
HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.bing.com/?pc=COSP&ptag=D020

515-AC44713A88D0B45FFA7F&form=CON

MHP&conlogo=CT3331981
SearchScopes: HKLM -> DefaultScope URL

=
SearchScopes: HKU\.DEFAULT ->

DefaultScope

{0633EE93-D776-472f-A0FF-E1416B8B2E3A

} URL =
SearchScopes: HKU\S-1-5-19 ->

DefaultScope

{0633EE93-D776-472f-A0FF-E1416B8B2E3A

} URL =
SearchScopes: HKU\S-1-5-20 ->

DefaultScope

{0633EE93-D776-472f-A0FF-E1416B8B2E3A

} URL =
SearchScopes:

HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006 -> DefaultScope

{7ad9fd96-42e6-497b-8495-a40df0cc61e2}

URL =

http://www.bing.com/search?pc=COSP&ptag

=D020515-AC44713A88D0B45FFA7F&form

=CONBDF&conlogo=CT3331981&q={searc

hTerms}
SearchScopes:

HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006 ->

{7ad9fd96-42e6-497b-8495-a40df0cc61e2}

URL =

http://www.bing.com/search?pc=COSP&ptag

=D020515-AC44713A88D0B45FFA7F&form

=CONBDF&conlogo=CT3331981&q={searc

hTerms}
BHO: DriveLetterAccess ->

{5CA3D70E-1895-11CF-8E15-001234567890}

->

C:\WINDOWS\System32\DLA\DLASHX_W.

DLL (Sonic Solutions)
BHO: Norton Identity Protection ->

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA

408} -> C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\coIEPlg.dll No File
BHO: Norton Vulnerability Protection ->

{6D53EC84-6AAE-4787-AEEE-F4628F01010

C} -> C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\IPS\IPSBHO.DLL

No File
BHO: Java(tm) Plug-In SSV Helper ->

{761497BB-D6F0-462C-B6EB-D4DAF1D92D

43} -> C:\Program Files\Java\jre7\bin\ssv.dll

(Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper ->

{DBC80044-A445-435b-BC74-9C25C1C588A

9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll

(Oracle Corporation)
Toolbar: HKLM - Norton Toolbar -

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49C

A} - C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\coIEPlg.dll No File
Toolbar:

HKU\S-1-5-21-1226216386-1621485569-12884

77537-1006 -> Norton Toolbar -

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49C

A} - C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\coIEPlg.dll No File
DPF:

{8AD9C840-044E-11D1-B3E9-00805F499D93

}

http://java.sun.com/update/1.7.0/jinstall-1_7_0_

67-windows-i586.cab
DPF:

{CAFEEFAC-0017-0000-0001-ABCDEFFED

CBA}
DPF:

{CAFEEFAC-0017-0000-0067-ABCDEFFED

CBA}

http://java.sun.com/update/1.7.0/jinstall-1_7_0_

67-windows-i586.cab
DPF:

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFF

EDCBA}

http://java.sun.com/update/1.7.0/jinstall-1_7_0_

67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search

Namespace Manager -

{56F9679E-7826-4C84-81F3-532071A8BCC5

} - C:\Program Files\Windows Desktop

Search\MSNLNamespaceMgr.dll [304128

2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts.

See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]

192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and

Settings\Katy\Application

Data\Mozilla\Firefox\Profiles\rwde3gyy.default

-1423158602250
FF Plugin: @adobe.com/FlashPlayer ->

C:\WINDOWS\system32\Macromed\Flash\NP

SWF32_16_0_0_305.dll ()
FF Plugin:

@java.com/DTPlugin,version=10.71.2 ->

C:\Program

Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

(Oracle Corporation)
FF Plugin:

@java.com/JavaPlugin,version=10.71.2 ->

C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

(Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5

->

c:\WINDOWS\Microsoft.NET\Framework\v3.

5\Windows Presentation

Foundation\NPWPF.dll (Microsoft

Corporation)
FF Plugin: @staging.google.com/globalUpdate

Update;version=10 -> C:\Program

Files\globalUpdate\Update\1.3.25.0\npGoogle

Update4.dll No File
FF Plugin: @staging.google.com/globalUpdate

Update;version=4 -> C:\Program

Files\globalUpdate\Update\1.3.25.0\npGoogle

Update4.dll No File
FF Plugin: Adobe Reader -> C:\Program

Files\Adobe\Reader

11.0\Reader\AIR\nppdf32.dll (Adobe Systems

Inc.)
FF HKLM\...\Firefox\Extensions:

[{BBDA0591-3099-440a-AA10-41764D9DB4

DB}] - C:\Documents and Settings\All

Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-8

5EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions:

[{2D3F3651-74B9-4795-BDEC-6DA2F431CB

62}] - C:\Documents and Settings\All

Users\Application

Data\Norton\{0C55C096-0F1D-4F28-AAA2-8

5EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR HKLM\...\Chrome\Extension:

[mkfokfffehpeedafpekjeddnmnjhmcmk] -

C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\Exts\Chrome.crx

[Not Found]

==========================

Services (Whitelisted)

=================

(If an entry is included in the fixlist, the service

will be removed from the registry. The file will

not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll

[100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService;

C:\Program

Files\Hp\Common\HPSupportSolutionsFrame

workService.exe [89864 2014-12-11]

(Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll

[35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program

Files\Java\jre7\bin\jqs.exe [182696 2014-10-18]

(Oracle Corporation)
S3 LPDSVC;

C:\WINDOWS\system32\tcpsvcs.exe [19456

2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program

Files\Intel\PROSetWired\NCS\Sync\NetSvc.ex

e [143360 2003-12-17] (Intel(R) Corporation)

[File not signed]
S3 p2pgasvc;

C:\WINDOWS\system32\p2pgasvc.dll

[105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program

Files\Spybot - Search & Destroy

2\SDFSSvc.exe [3921880 2013-10-15]

(Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program

Files\Spybot - Search & Destroy

2\SDUpdSvc.exe [1042272 2013-09-20]

(Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot

- Search & Destroy 2\SDWSCSvc.exe

[171416 2013-09-13] (Safer-Networking Ltd.)
S2 globalUpdate; C:\Program

Files\globalUpdate\Update\GoogleUpdate.exe

/svc [X]
S3 globalUpdatem; C:\Program

Files\globalUpdate\Update\GoogleUpdate.exe

/medsvc [X]
S2 NIS; "C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\NIS.exe" /s "NIS"

/m "C:\Program Files\Norton Internet

Security\Engine\21.1.0.18\diMaster.dll"

/prefetch:1
S2 serverjo; C:\Documents and

Settings\Katy\Application

Data\VOPackage\JOSrv.exe [X]
S2 womufoji; C:\Documents and

Settings\Katy\Application

Data\VOPackage\nsx96.tmpfs [X]

==================== Drivers

(Whitelisted) ====================

(If an entry is included in the fixlist, the service

will be removed from the registry. The file will

not be moved unless listed separately.)

S3 6195;

C:\WINDOWS\System32\DRIVERS\6195

[9072 2011-11-18] ()
S4 abp480n5;

C:\WINDOWS\system32\DRIVERS\ABP480

N5.SYS [23552 2001-08-17] (Microsoft

Corporation)
S3 bvrp_pci;

C:\WINDOWS\system32\Drivers\bvrp_pci.sys

[4272 2004-03-24] () [File not signed]
S1 ccSet_NIS;

C:\WINDOWS\system32\drivers\NIS\1501000

.012\ccSetx86.sys [127064 2013-09-25]

(Symantec Corporation)
R2 DLABOIOM;

C:\WINDOWS\System32\DLA\DLABOIOM.

SYS [25628 2005-11-07] (Sonic Solutions)

[File not signed]
R1 DLACDBHM;

C:\WINDOWS\System32\Drivers\DLACDBH

M.SYS [5660 2005-11-18] (Sonic Solutions)

[File not signed]
R2 DLADResN;

C:\WINDOWS\System32\DLA\DLADResN.S

YS [2496 2005-11-07] (Sonic Solutions) [File

not signed]
R2 DLAIFS_M;

C:\WINDOWS\System32\DLA\DLAIFS_M.S

YS [86652 2005-11-07] (Sonic Solutions) [File

not signed]
R2 DLAOPIOM;

C:\WINDOWS\System32\DLA\DLAOPIOM.

SYS [14684 2005-11-07] (Sonic Solutions)

[File not signed]
R2 DLAPoolM;

C:\WINDOWS\System32\DLA\DLAPoolM.S

YS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 10:44 - 2015-02-07 10:45 - 00015506 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-02-07 10:42 - 2015-02-07 10:42 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\FRST-OlderVersion
2015-02-07 10:30 - 2015-02-07 10:30 - 00004181 _____ () C:\Documents and Settings\Katy\Desktop\GetOpenClipboardWindow.zip
2015-02-06 22:22 - 2015-02-06 22:22 - 00003044 _____ () C:\Documents and Settings\Katy\Desktop\VolumeC.txt
2015-02-06 18:12 - 2015-02-06 18:12 - 00003433 _____ () C:\Documents and Settings\Katy\Desktop\ocd 2 6 15 post 39.txt
2015-02-06 08:11 - 2015-02-06 08:11 - 00000240 _____ () C:\Documents and Settings\Katy\Desktop\xp dell stats.txt
2015-02-05 08:39 - 2015-02-05 08:39 - 00001812 _____ () C:\Documents and Settings\Katy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Program Files\Programs\Tweaking.com
2015-02-05 08:28 - 2015-02-05 08:28 - 10318832 _____ () C:\Documents and Settings\Katy\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-02-04 19:42 - 2015-02-07 10:22 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-07 10:20 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-07 10:13 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-06 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-02-04 19:20 - 2015-02-07 10:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-04 19:19 - 2015-02-04 19:19 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-04 19:19 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-02-04 19:16 - 2015-02-04 19:16 - 00004512 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2015-02-04 19:16 - 2015-02-04 19:16 - 00002400 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-04 19:16 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2015-02-04 18:58 - 2015-02-05 13:30 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\ocd atuzi tools
2015-02-04 12:48 - 2015-02-07 10:44 - 00000000 ____D () C:\FRST
2015-02-04 12:48 - 2015-02-04 12:48 - 00000000 ____D () C:\AdwCleaner
2015-02-04 12:29 - 2015-02-04 12:29 - 00000415 _____ () C:\WINDOWS\WINNT32.LOG
2015-02-04 12:17 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD62D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00041029 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD647.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00036937 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD644.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00029760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00028288 _____ () C:\WINDOWS\system32\dllcache\xjis.nls
2015-02-04 12:17 - 2004-08-04 05:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD630.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00004677 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64A.tmp
2015-02-04 12:16 - 2004-08-04 05:00 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD623.tmp
2015-02-04 12:15 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5E5.tmp
2015-02-04 12:15 - 2004-08-04 05:00 - 00032339 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5DF.tmp
2015-02-04 12:11 - 2008-04-13 19:12 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD573.tmp
2015-02-04 12:11 - 2004-08-04 05:00 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD561.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 02178131 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD519.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00066113 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD516.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51C.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00753236 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CC.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00048706 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C9.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00042574 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CF.tmp
2015-02-04 12:06 - 2008-04-13 19:12 - 00281088 ____C (Cinematronics) C:\WINDOWS\system32\dllcache\OLD486.tmp
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prcp.nls
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prc.nls
2015-02-04 12:04 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43B.tmp
2015-02-04 12:02 - 2009-12-16 13:43 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3FC.tmp
2015-02-04 12:02 - 2004-08-04 05:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3F3.tmp
2015-02-04 12:00 - 2004-08-04 05:00 - 00047066 _____ () C:\WINDOWS\system32\dllcache\ksc.nls
2015-02-04 11:57 - 2004-08-04 05:00 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30C.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD309.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30F.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2D8.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2C3.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2B2.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2AF.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD26B.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD268.tmp
2015-02-04 11:52 - 2008-04-13 19:12 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A2.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1AB.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD186.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A8.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD17D.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD189.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD183.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD7.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00195618 _____ () C:\WINDOWS\system32\dllcache\c_10002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00189986 _____ () C:\WINDOWS\system32\dllcache\c_1361.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00187938 _____ () C:\WINDOWS\system32\dllcache\c_20005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00186402 _____ () C:\WINDOWS\system32\dllcache\c_20001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00185378 _____ () C:\WINDOWS\system32\dllcache\c_20003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180770 _____ () C:\WINDOWS\system32\dllcache\c_20932.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20000.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_20949.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_10003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20936.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_10008.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00162850 _____ () C:\WINDOWS\system32\dllcache\c_10001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD14E.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD4.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082172 _____ () C:\WINDOWS\system32\dllcache\bopomofo.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066728 _____ () C:\WINDOWS\system32\dllcache\big5.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_864.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_862.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_858.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_720.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_870.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_708.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_28596.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21027.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21025.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20924.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20880.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20871.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20838.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20833.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20424.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20423.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20420.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20297.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20290.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20285.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20284.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20280.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20278.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20277.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20273.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20269.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20108.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20107.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20106.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20105.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1149.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1148.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1147.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1146.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1145.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1144.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1143.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1142.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1141.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1140.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1047.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDDA.tmp
2015-02-04 11:49 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51.tmp
2015-02-03 11:24 - 2015-02-03 11:24 - 00017025 _____ () C:\Documents and Settings\Katy\Desktop\stoicism nyt 2 2 15.txt
2015-02-03 11:15 - 2015-02-03 11:20 - 00000092 _____ () C:\Documents and Settings\Katy\Desktop\stoic.txt
2015-02-02 14:32 - 2015-02-02 14:32 - 00170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 00150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2015-02-02 13:56 - 2015-02-02 13:56 - 00000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache
2015-02-02 10:44 - 2015-02-02 10:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-01 20:09 - 2015-02-03 09:09 - 00018944 _____ () C:\Documents and Settings\Katy\Desktop\FEBRUARY SPENDING RECORD 2015.xls
2015-02-01 15:38 - 2015-01-16 09:32 - 00450775 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150201-153831.backup
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:46 - 2015-02-06 08:10 - 00053109 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:28 - 2015-02-07 10:42 - 01124352 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-26 18:24 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-02-05 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 10:46 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-02-07 10:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-07 10:24 - 2011-02-22 08:01 - 01665244 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-07 10:21 - 2014-07-20 20:09 - 00027363 _____ () C:\WINDOWS\setupact.log
2015-02-07 10:16 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-02-07 10:16 - 2011-02-22 08:01 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2015-02-07 10:13 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-07 10:13 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 10:12 - 2014-08-13 18:38 - 00196608 ____C () C:\WINDOWS\system32\config\SpybotSD.evt
2015-02-07 10:12 - 2012-08-27 16:05 - 00032546 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-07 10:12 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-02-07 10:03 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-02-06 15:24 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-06 15:23 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
2015-02-06 07:56 - 2006-07-25 17:56 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Symantec
2015-02-06 07:52 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-02-05 17:17 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-02-05 13:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 13:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 13:00 - 2011-11-18 19:18 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-02-05 12:56 - 2011-01-13 16:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-02-05 12:56 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-02-05 08:59 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-02-05 08:59 - 2012-01-11 21:34 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\FUN
2015-02-05 07:18 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-02-04 20:50 - 2008-04-01 07:21 - 00006848 ____C () C:\WINDOWS\wininit.ini
2015-02-04 20:34 - 2014-02-21 15:08 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-02-04 19:45 - 2014-08-12 09:15 - 00131072 ____C () C:\WINDOWS\system32\config\Spybot -.evt
2015-02-04 19:43 - 2014-07-30 18:48 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Adobe
2015-02-04 19:41 - 2014-07-30 18:43 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-04 19:40 - 2006-08-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-04 19:28 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-04 18:59 - 2014-02-24 10:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-04 18:58 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Google
2015-02-04 12:57 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-04 12:49 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-04 12:45 - 2011-12-10 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-02-04 12:39 - 2014-10-12 17:25 - 00173971 ____C () C:\WINDOWS\setupapi.log
2015-02-04 12:37 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-02-04 12:36 - 2011-11-23 14:56 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2015-02-04 12:36 - 2004-08-10 12:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-04 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Media
2015-02-04 12:35 - 2006-08-05 18:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-04 12:34 - 2004-08-10 13:04 - 00000000 ____D () C:\Program Files\microsoft frontpage
2015-02-04 12:34 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\system
2015-02-04 12:29 - 2011-12-05 09:57 - 00000853 ____C () C:\WINDOWS\DHCPUPG.LOG
2015-02-04 09:29 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 10:38 - 2011-12-21 12:30 - 00000000 ___DC () C:\8fd3818fadf89c2779d8860803ef0cab
2015-02-03 08:58 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-02 10:42 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Help
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-02-04 19:42 - 2015-02-04 19:42 - 1513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-02-04 19:41 - 2015-02-04 19:41 - 2002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-02-02 14:32 - 2015-02-02 14:32 - 0170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 0150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
2015-02-02 13:56 - 2015-02-02 13:56 - 0000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\8594.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
..............Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015
Ran by Katy (administrator) on D5TBBCB1 on 07-02-2015 10:44:56
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\Dell\Media Experience\DMXLauncher.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\WINDOWS\system32\fxssvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(WinZip Computing, Inc.) C:\PROGRA~1\WINZIP\WINZIP32.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\RunOnce: [Adobe Speed Launcher] => 1423322036
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll No File
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll No File
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\rwde3gyy.default-1423158602250
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 NIS; "C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\21.1.0.18\diMaster.dll" /prefetch:1
S2 serverjo; C:\Documents and Settings\Katy\Application Data\VOPackage\JOSrv.exe [X]
S2 womufoji; C:\Documents and Settings\Katy\Application Data\VOPackage\nsx96.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 10:44 - 2015-02-07 10:45 - 00015506 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-02-07 10:42 - 2015-02-07 10:42 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\FRST-OlderVersion
2015-02-07 10:30 - 2015-02-07 10:30 - 00004181 _____ () C:\Documents and Settings\Katy\Desktop\GetOpenClipboardWindow.zip
2015-02-06 22:22 - 2015-02-06 22:22 - 00003044 _____ () C:\Documents and Settings\Katy\Desktop\VolumeC.txt
2015-02-06 18:12 - 2015-02-06 18:12 - 00003433 _____ () C:\Documents and Settings\Katy\Desktop\ocd 2 6 15 post 39.txt
2015-02-06 08:11 - 2015-02-06 08:11 - 00000240 _____ () C:\Documents and Settings\Katy\Desktop\xp dell stats.txt
2015-02-05 08:39 - 2015-02-05 08:39 - 00001812 _____ () C:\Documents and Settings\Katy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Program Files\Programs\Tweaking.com
2015-02-05 08:28 - 2015-02-05 08:28 - 10318832 _____ () C:\Documents and Settings\Katy\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-02-04 19:42 - 2015-02-07 10:22 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-07 10:20 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-07 10:13 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-06 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-02-04 19:20 - 2015-02-07 10:14 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-04 19:19 - 2015-02-04 19:19 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-04 19:19 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-02-04 19:16 - 2015-02-04 19:16 - 00004512 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2015-02-04 19:16 - 2015-02-04 19:16 - 00002400 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-04 19:16 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2015-02-04 18:58 - 2015-02-05 13:30 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\ocd atuzi tools
2015-02-04 12:48 - 2015-02-07 10:44 - 00000000 ____D () C:\FRST
2015-02-04 12:48 - 2015-02-04 12:48 - 00000000 ____D () C:\AdwCleaner
2015-02-04 12:29 - 2015-02-04 12:29 - 00000415 _____ () C:\WINDOWS\WINNT32.LOG
2015-02-04 12:17 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD62D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00041029 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD647.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00036937 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD644.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00029760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00028288 _____ () C:\WINDOWS\system32\dllcache\xjis.nls
2015-02-04 12:17 - 2004-08-04 05:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD630.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00004677 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64A.tmp
2015-02-04 12:16 - 2004-08-04 05:00 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD623.tmp
2015-02-04 12:15 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5E5.tmp
2015-02-04 12:15 - 2004-08-04 05:00 - 00032339 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5DF.tmp
2015-02-04 12:11 - 2008-04-13 19:12 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD573.tmp
2015-02-04 12:11 - 2004-08-04 05:00 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD561.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 02178131 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD519.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00066113 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD516.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51C.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00753236 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CC.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00048706 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C9.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00042574 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CF.tmp
2015-02-04 12:06 - 2008-04-13 19:12 - 00281088 ____C (Cinematronics) C:\WINDOWS\system32\dllcache\OLD486.tmp
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prcp.nls
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prc.nls
2015-02-04 12:04 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43B.tmp
2015-02-04 12:02 - 2009-12-16 13:43 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3FC.tmp
2015-02-04 12:02 - 2004-08-04 05:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3F3.tmp
2015-02-04 12:00 - 2004-08-04 05:00 - 00047066 _____ () C:\WINDOWS\system32\dllcache\ksc.nls
2015-02-04 11:57 - 2004-08-04 05:00 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30C.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD309.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30F.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2D8.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2C3.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2B2.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2AF.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD26B.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD268.tmp
2015-02-04 11:52 - 2008-04-13 19:12 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A2.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1AB.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD186.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A8.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD17D.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD189.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD183.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD7.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00195618 _____ () C:\WINDOWS\system32\dllcache\c_10002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00189986 _____ () C:\WINDOWS\system32\dllcache\c_1361.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00187938 _____ () C:\WINDOWS\system32\dllcache\c_20005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00186402 _____ () C:\WINDOWS\system32\dllcache\c_20001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00185378 _____ () C:\WINDOWS\system32\dllcache\c_20003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180770 _____ () C:\WINDOWS\system32\dllcache\c_20932.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20000.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_20949.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_10003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20936.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_10008.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00162850 _____ () C:\WINDOWS\system32\dllcache\c_10001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD14E.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD4.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082172 _____ () C:\WINDOWS\system32\dllcache\bopomofo.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066728 _____ () C:\WINDOWS\system32\dllcache\big5.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_864.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_862.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_858.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_720.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_870.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_708.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_28596.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21027.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21025.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20924.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20880.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20871.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20838.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20833.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20424.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20423.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20420.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20297.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20290.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20285.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20284.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20280.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20278.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20277.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20273.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20269.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20108.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20107.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20106.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20105.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1149.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1148.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1147.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1146.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1145.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1144.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1143.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1142.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1141.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1140.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1047.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDDA.tmp
2015-02-04 11:49 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51.tmp
2015-02-03 11:24 - 2015-02-03 11:24 - 00017025 _____ () C:\Documents and Settings\Katy\Desktop\stoicism nyt 2 2 15.txt
2015-02-03 11:15 - 2015-02-03 11:20 - 00000092 _____ () C:\Documents and Settings\Katy\Desktop\stoic.txt
2015-02-02 14:32 - 2015-02-02 14:32 - 00170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 00150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2015-02-02 13:56 - 2015-02-02 13:56 - 00000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache
2015-02-02 10:44 - 2015-02-02 10:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-01 20:09 - 2015-02-03 09:09 - 00018944 _____ () C:\Documents and Settings\Katy\Desktop\FEBRUARY SPENDING RECORD 2015.xls
2015-02-01 15:38 - 2015-01-16 09:32 - 00450775 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150201-153831.backup
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:46 - 2015-02-06 08:10 - 00053109 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:28 - 2015-02-07 10:42 - 01124352 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-26 18:24 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-02-05 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 10:46 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-02-07 10:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-07 10:24 - 2011-02-22 08:01 - 01665244 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-07 10:21 - 2014-07-20 20:09 - 00027363 _____ () C:\WINDOWS\setupact.log
2015-02-07 10:16 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-02-07 10:16 - 2011-02-22 08:01 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2015-02-07 10:13 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-07 10:13 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-07 10:12 - 2014-08-13 18:38 - 00196608 ____C () C:\WINDOWS\system32\config\SpybotSD.evt
2015-02-07 10:12 - 2012-08-27 16:05 - 00032546 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-07 10:12 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-02-07 10:03 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-02-06 15:24 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-06 15:23 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
2015-02-06 07:56 - 2006-07-25 17:56 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Symantec
2015-02-06 07:52 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-02-05 17:17 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-02-05 13:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 13:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 13:00 - 2011-11-18 19:18 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-02-05 12:56 - 2011-01-13 16:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-02-05 12:56 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-02-05 08:59 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-02-05 08:59 - 2012-01-11 21:34 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\FUN
2015-02-05 07:18 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-02-04 20:50 - 2008-04-01 07:21 - 00006848 ____C () C:\WINDOWS\wininit.ini
2015-02-04 20:34 - 2014-02-21 15:08 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-02-04 19:45 - 2014-08-12 09:15 - 00131072 ____C () C:\WINDOWS\system32\config\Spybot -.evt
2015-02-04 19:43 - 2014-07-30 18:48 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Adobe
2015-02-04 19:41 - 2014-07-30 18:43 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-04 19:40 - 2006-08-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-04 19:28 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-04 18:59 - 2014-02-24 10:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-04 18:58 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Google
2015-02-04 12:57 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-04 12:49 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-04 12:45 - 2011-12-10 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-02-04 12:39 - 2014-10-12 17:25 - 00173971 ____C () C:\WINDOWS\setupapi.log
2015-02-04 12:37 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-02-04 12:36 - 2011-11-23 14:56 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2015-02-04 12:36 - 2004-08-10 12:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-04 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Media
2015-02-04 12:35 - 2006-08-05 18:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-04 12:34 - 2004-08-10 13:04 - 00000000 ____D () C:\Program Files\microsoft frontpage
2015-02-04 12:34 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\system
2015-02-04 12:29 - 2011-12-05 09:57 - 00000853 ____C () C:\WINDOWS\DHCPUPG.LOG
2015-02-04 09:29 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 10:38 - 2011-12-21 12:30 - 00000000 ___DC () C:\8fd3818fadf89c2779d8860803ef0cab
2015-02-03 08:58 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-02 10:42 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Help
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-02-04 19:42 - 2015-02-04 19:42 - 1513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-02-04 19:41 - 2015-02-04 19:41 - 2002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-02-02 14:32 - 2015-02-02 14:32 - 0170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 0150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
2015-02-02 13:56 - 2015-02-02 13:56 - 0000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\8594.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

I also defragmented and it wouldn't go above 60%:

Volume (C:)
Volume size = 52.70 GB
Cluster size = 4 KB
Used space = 20.82 GB
Free space = 31.88 GB
Percent free space = 60 %

Volume fragmentation
Total fragmentation = 0 %
File fragmentation = 0 %
Free space fragmentation = 0 %

File fragmentation
Total files = 95,651
Average file size = 508 KB
Total fragmented files = 1
Total excess fragments = 0
Average fragments per file = 0.99

Pagefile fragmentation
Pagefile size = 1.50 GB
Total fragments = 1

Folder fragmentation
Total folders = 6,184
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 122 MB
MFT record count = 103,359
Percent MFT in use = 82 %
Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
None
......................
Many thanks,
Katy

OCD
2015-02-07, 17:37
Hi Katy1,

It does not appear that you have run the FRST script from post #36. Please do so at this time and post the Fixlog.


"I also defragmented and it wouldn't go above 60%:"

The 60% is the amount of "free space" on the hard drive, not the amount of fragmentation.

Re-run Security Check by screen317

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
new checkup.txt
new FRST.txt

OCD
2015-02-09, 18:08
Hi Katy1,

Just checking in to see if you still need help?

Katy1
2015-02-09, 20:16
"Hi Katy1,

Just checking in to see if you still need help?"

Help. OCD, thank you. I need a new PC! Thank you.

OCD
2015-02-09, 20:38
Hi Katy1,

If you still need help, please post the logs requested in my previous post (#45 (forums.spybot.info/showthread.php?71932-AtuZi-not-completely-removed-(-)&p=461896&viewfull=1#post461896))

OCD
2015-02-13, 04:57
This thread has been closed due to inactivity. If it has been three days or more since your last post it will not be re-opened.

If you still require help, please start a new topic and include fresh FRST and aswMBR logs, along with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster; anyone else with similar problems, please start your own topic.