
Thread: AtuZi not completely removed (?)

  1. #31
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Katy1,

    Let's try a different approach to System File Checker.

    Download Tweaking.com Windows Repair from here or here and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    =========================

    Click on Step 4 Optional



    Locate the Do It button as indicated in the image.

    Let the scan complete and post the results after the scan has finished.

    In your next post please provide the following:
    • SFC Scan results
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  2. #32
    Member
    Join Date
    Jan 2015
    Posts
    32

    AtuZi not completely removed (?)

    Hi OCD,

    Having terrible problems. Again I right clicked on Tweaking.com, run as, and there were no options. I ran DOIT and could not find the SFC Scan results file. I am trying again now.

    Yesterday I got all sorts of malware, which I finally deleted from Add/Remove Programs: GAMESDESKTOP, VOPackage, Techgile, windows registry cleaner (?) BetterDeals, CinemaP.19cVO4oa, /ContentExplorer, ConvertAd, IGSmugscm /renite/desjtio/access (VuuPC) SmartWeb, SoftwareWatcher, WebCompanion/AdAware (ad awares good!!!), WinCheck, WordProsprl.m.0.6, .... I'm grateful and surprised I got back here. I deleted and reinstalled Spybot also.

    On to Tweaking again

    Best,
    Katy

  3. #33
    Member
    Join Date
    Jan 2015
    Posts
    32

    AtuZi not completely removed (?)

    OCD,

    Yes, I forgot. I don't have a Windows CD but ran Tweaking anyway; I have Microsoft Office CDs that I reinstalled and they weren't helpful. And all the aforementioned malware got in. ahh...what now (besides hanging myself!) lol

    Katy

    AtuZi be damned ;(

  4. #34
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi Katy1,

    Please refer back to my instructions in post #2, and repeated again in post #25.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    It is very important that you stop removing any software on your own. If you contract additional malware, let me know. Making changes to your system without my supervision will only delay the cleaning process. Also, if it happens it will be reflected in a subsequent scan.

    =========================

    Did the Tweaking SFC scan run to completion? If so, don't worry about the log.

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Select the Addition box
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • It will also make (Addition.txt). Please attach it to your reply.

    =========================

    In your next post please provide the following:
    • FRST.txt
    • Addition.txt
    OCD

  5. #35
    Member
    Join Date
    Jan 2015
    Posts
    32

    AtuZi not completely removed (?)

    Hi OCD!

    Yes, Tweaking SFC did run thru.

    Ran Farbar. Attaching FRST.txt and Addition.txt.

    Thankkkkkk you.
    Katy
    ............Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
    Ran by Katy (administrator) on D5TBBCB1 on 05-02-2015 13:31:28
    Running from C:\Documents and Settings\Katy\Desktop
    Loaded Profiles: Katy (Available profiles: Katy)
    Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 7 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
    HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
    HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
    HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
    HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
    HKLM\...\Run: [gmsd_us_178] => [X]
    HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
    Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NoCDBurning] 0
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\RunOnce: [Adobe Speed Launcher] => 1423159303
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    BootExecute: autocheck autochk * sdnclean.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D0...logo=CT3331981
    SearchScopes: HKLM -> DefaultScope URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
    BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab
    ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\rwde3gyy.default-1423158602250
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
    FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
    R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
    S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
    S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
    S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
    S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
    S2 serverjo; C:\Documents and Settings\Katy\Application Data\VOPackage\JOSrv.exe [X]
    S2 womufoji; C:\Documents and Settings\Katy\Application Data\VOPackage\nsx96.tmpfs [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
    S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
    S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
    R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
    R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
    R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
    R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
    R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
    R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
    R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
    R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
    R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
    R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
    R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
    S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
    S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
    S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
    S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
    R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
    R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
    S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
    R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
    R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
    R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
    R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
    S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
    S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S3 2980; System32\DRIVERS\2980 [X]
    S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
    S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
    S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
    S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
    S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
    S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-05 13:31 - 2015-02-05 13:31 - 00014240 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
    2015-02-05 13:31 - 2015-02-05 13:31 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\FRST-OlderVersion
    2015-02-05 12:38 - 2015-02-05 12:38 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Old Firefox Data
    2015-02-05 08:39 - 2015-02-05 08:39 - 00001812 _____ () C:\Documents and Settings\Katy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Program Files\Tweaking.com
    2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Program Files\Programs\Tweaking.com
    2015-02-05 08:28 - 2015-02-05 08:28 - 10318832 _____ () C:\Documents and Settings\Katy\Desktop\tweaking.com_windows_repair_aio_setup.exe
    2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
    2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
    2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
    2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
    2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
    2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
    2015-02-04 19:20 - 2015-02-05 13:09 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    2015-02-04 19:20 - 2015-02-04 19:20 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    2015-02-04 19:20 - 2015-02-04 19:20 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
    2015-02-04 19:19 - 2015-02-04 19:19 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-02-04 19:19 - 2015-02-04 19:19 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
    2015-02-04 19:19 - 2015-02-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-02-04 19:19 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
    2015-02-04 19:16 - 2015-02-04 19:16 - 00004512 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
    2015-02-04 19:16 - 2015-02-04 19:16 - 00002400 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-02-04 19:16 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
    2015-02-04 18:58 - 2015-02-05 13:30 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\ocd atuzi tools
    2015-02-04 12:48 - 2015-02-05 13:31 - 00000000 ____D () C:\FRST
    2015-02-04 12:48 - 2015-02-04 12:48 - 00000000 ____D () C:\AdwCleaner
    2015-02-04 12:29 - 2015-02-04 12:29 - 00000415 _____ () C:\WINDOWS\WINNT32.LOG
    2015-02-04 12:17 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD62D.tmp
    2015-02-04 12:17 - 2004-08-04 05:00 - 00041029 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD647.tmp
    2015-02-04 12:17 - 2004-08-04 05:00 - 00036937 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD644.tmp
    2015-02-04 12:17 - 2004-08-04 05:00 - 00029760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64D.tmp
    2015-02-04 12:17 - 2004-08-04 05:00 - 00028288 _____ () C:\WINDOWS\system32\dllcache\xjis.nls
    2015-02-04 12:17 - 2004-08-04 05:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD630.tmp
    2015-02-04 12:17 - 2004-08-04 05:00 - 00004677 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64A.tmp
    2015-02-04 12:16 - 2004-08-04 05:00 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD623.tmp
    2015-02-04 12:15 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5E5.tmp
    2015-02-04 12:15 - 2004-08-04 05:00 - 00032339 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5DF.tmp
    2015-02-04 12:11 - 2008-04-13 19:12 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD573.tmp
    2015-02-04 12:11 - 2004-08-04 05:00 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD561.tmp
    2015-02-04 12:09 - 2004-08-04 05:00 - 02178131 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD519.tmp
    2015-02-04 12:09 - 2004-08-04 05:00 - 00066113 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD516.tmp
    2015-02-04 12:09 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51C.tmp
    2015-02-04 12:07 - 2004-08-04 05:00 - 00753236 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CC.tmp
    2015-02-04 12:07 - 2004-08-04 05:00 - 00048706 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C9.tmp
    2015-02-04 12:07 - 2004-08-04 05:00 - 00042574 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CF.tmp
    2015-02-04 12:06 - 2008-04-13 19:12 - 00281088 ____C (Cinematronics) C:\WINDOWS\system32\dllcache\OLD486.tmp
    2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prcp.nls
    2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prc.nls
    2015-02-04 12:04 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43B.tmp
    2015-02-04 12:02 - 2009-12-16 13:43 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3FC.tmp
    2015-02-04 12:02 - 2004-08-04 05:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3F3.tmp
    2015-02-04 12:00 - 2004-08-04 05:00 - 00047066 _____ () C:\WINDOWS\system32\dllcache\ksc.nls
    2015-02-04 11:57 - 2004-08-04 05:00 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30C.tmp
    2015-02-04 11:57 - 2004-08-04 05:00 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD309.tmp
    2015-02-04 11:57 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30F.tmp
    2015-02-04 11:56 - 2004-08-04 05:00 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2D8.tmp
    2015-02-04 11:56 - 2004-08-04 05:00 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2C3.tmp
    2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2B2.tmp
    2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2AF.tmp
    2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD26B.tmp
    2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD268.tmp
    2015-02-04 11:52 - 2008-04-13 19:12 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A2.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1AB.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD186.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A8.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD17D.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD189.tmp
    2015-02-04 11:52 - 2004-08-04 05:00 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD183.tmp
    2015-02-04 11:51 - 2004-08-04 05:00 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD7.tmp
    2015-02-04 11:51 - 2004-08-04 05:00 - 00195618 _____ () C:\WINDOWS\system32\dllcache\c_10002.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00189986 _____ () C:\WINDOWS\system32\dllcache\c_1361.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00187938 _____ () C:\WINDOWS\system32\dllcache\c_20005.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00186402 _____ () C:\WINDOWS\system32\dllcache\c_20001.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00185378 _____ () C:\WINDOWS\system32\dllcache\c_20003.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00180770 _____ () C:\WINDOWS\system32\dllcache\c_20932.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20004.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20000.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_20949.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_10003.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20936.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20002.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_10008.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00162850 _____ () C:\WINDOWS\system32\dllcache\c_10001.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD14E.tmp
    2015-02-04 11:51 - 2004-08-04 05:00 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD4.tmp
    2015-02-04 11:51 - 2004-08-04 05:00 - 00082172 _____ () C:\WINDOWS\system32\dllcache\bopomofo.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066728 _____ () C:\WINDOWS\system32\dllcache\big5.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_864.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_862.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_858.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_720.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_870.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_708.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_28596.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21027.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21025.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20924.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20880.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20871.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20838.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20833.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20424.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20423.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20420.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20297.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20290.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20285.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20284.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20280.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20278.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20277.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20273.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20269.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20108.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20107.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20106.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20105.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1149.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1148.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1147.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1146.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1145.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1144.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1143.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1142.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1141.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1140.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1047.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10005.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10004.nls
    2015-02-04 11:51 - 2004-08-04 05:00 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDDA.tmp
    2015-02-04 11:49 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51.tmp
    2015-02-03 11:24 - 2015-02-03 11:24 - 00017025 _____ () C:\Documents and Settings\Katy\Desktop\stoicism nyt 2 2 15.txt
    2015-02-03 11:15 - 2015-02-03 11:20 - 00000092 _____ () C:\Documents and Settings\Katy\Desktop\stoic.txt
    2015-02-02 14:32 - 2015-02-02 14:32 - 00170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
    2015-02-02 14:32 - 2015-02-02 14:32 - 00150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
    2015-02-02 13:56 - 2015-02-02 13:56 - 00000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache
    2015-02-02 10:44 - 2015-02-02 10:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2015-02-01 20:09 - 2015-02-03 09:09 - 00018944 _____ () C:\Documents and Settings\Katy\Desktop\FEBRUARY SPENDING RECORD 2015.xls
    2015-02-01 15:38 - 2015-01-16 09:32 - 00450775 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150201-153831.backup
    2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
    2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
    2015-01-28 21:28 - 2015-02-05 13:31 - 01123328 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
    2015-01-26 18:24 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
    2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
    2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
    2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
    2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
    2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
    2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
    2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
    2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
    2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
    2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
    2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
    2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
    2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
    2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
    2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
    2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
    2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
    2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
    2015-01-18 21:01 - 2015-02-02 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
    2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
    2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
    2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
    2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
    2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
    2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
    2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
    2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
    2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
    2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
    2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-05 13:31 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
    2015-02-05 13:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-02-05 13:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-02-05 13:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-02-05 13:08 - 2011-02-22 08:01 - 01611824 ____C () C:\WINDOWS\WindowsUpdate.log
    2015-02-05 13:04 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
    2015-02-05 13:04 - 2011-02-22 08:01 - 00000048 ____C () C:\WINDOWS\wiaservc.log
    2015-02-05 13:01 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
    2015-02-05 13:01 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
    2015-02-05 13:00 - 2014-08-13 18:38 - 00065536 ____C () C:\WINDOWS\system32\config\SpybotSD.evt
    2015-02-05 13:00 - 2012-08-27 16:05 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-02-05 13:00 - 2011-11-18 19:18 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
    2015-02-05 13:00 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
    2015-02-05 12:56 - 2011-01-13 16:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2015-02-05 12:56 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
    2015-02-05 10:00 - 2014-07-20 20:09 - 00026583 _____ () C:\WINDOWS\setupact.log
    2015-02-05 08:59 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
    2015-02-05 08:59 - 2012-01-11 21:34 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\FUN
    2015-02-05 08:59 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
    2015-02-05 07:18 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
    2015-02-04 20:50 - 2008-04-01 07:21 - 00006848 ____C () C:\WINDOWS\wininit.ini
    2015-02-04 20:34 - 2014-02-21 15:08 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Lavasoft
    2015-02-04 19:45 - 2014-08-12 09:15 - 00131072 ____C () C:\WINDOWS\system32\config\Spybot -.evt
    2015-02-04 19:43 - 2014-07-30 18:48 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Adobe
    2015-02-04 19:41 - 2014-07-30 18:43 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2015-02-04 19:40 - 2006-08-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2015-02-04 19:28 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
    2015-02-04 18:59 - 2014-02-24 10:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2015-02-04 18:58 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Google
    2015-02-04 12:57 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
    2015-02-04 12:49 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
    2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
    2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
    2015-02-04 12:49 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
    2015-02-04 12:45 - 2011-12-10 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
    2015-02-04 12:39 - 2014-10-12 17:25 - 00173971 ____C () C:\WINDOWS\setupapi.log
    2015-02-04 12:37 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
    2015-02-04 12:36 - 2011-11-23 14:56 - 00000000 ____D () C:\WINDOWS\SHELLNEW
    2015-02-04 12:36 - 2004-08-10 12:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-02-04 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Media
    2015-02-04 12:35 - 2006-08-05 18:58 - 00000000 ____D () C:\Program Files\Microsoft Office
    2015-02-04 12:34 - 2004-08-10 13:04 - 00000000 ____D () C:\Program Files\microsoft frontpage
    2015-02-04 12:34 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\system
    2015-02-04 12:29 - 2011-12-05 09:57 - 00000853 ____C () C:\WINDOWS\DHCPUPG.LOG
    2015-02-04 09:29 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-03 10:38 - 2011-12-21 12:30 - 00000000 ___DC () C:\8fd3818fadf89c2779d8860803ef0cab
    2015-02-03 08:58 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
    2015-02-02 10:42 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Help
    2015-02-01 14:24 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
    2015-01-31 17:34 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
    2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
    2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
    2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
    2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
    2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
    2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
    2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
    2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
    2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
    2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
    2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
    2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
    2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
    2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
    2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

    ==================== Files in the root of some directories =======

    2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
    2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
    2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
    2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
    2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
    2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
    2015-02-04 19:42 - 2015-02-04 19:42 - 1513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
    2015-02-04 19:41 - 2015-02-04 19:41 - 2002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
    2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
    2015-02-02 14:32 - 2015-02-02 14:32 - 0170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
    2015-02-02 14:32 - 2015-02-02 14:32 - 0150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
    2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
    2015-02-02 13:56 - 2015-02-02 13:56 - 0000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Katy\Local Settings\Temp\8594.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015 01
    Ran by Katy at 2015-02-05 13:32:49
    Running from C:\Documents and Settings\Katy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    aaquotes (HKLM\...\ST5UNST #1) (Version: - )
    ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
    AOLIcon (Version: 1.00.0000 - Dell) Hidden
    Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
    Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
    Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
    DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
    e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
    ELIcon (Version: 1.00.0000 - Dell) Hidden
    Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
    Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
    HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
    InstantShareAlert (Version: 1.00.0000 - HP) Hidden
    Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
    Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
    Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
    Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
    MCU (Version: 1.00.0000 - Dell) Hidden
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
    Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
    OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
    Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
    Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
    Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
    Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
    Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
    Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
    Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
    Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
    Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
    Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
    Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
    Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
    Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
    Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
    Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
    Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
    Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
    Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
    Scrabble (HKLM\...\Scrabble) (Version: - )
    Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
    Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
    VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
    WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
    Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
    Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
    Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
    Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
    Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
    Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
    WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

    ==================== Restore Points =========================

    07-12-2014 03:01:58 System Checkpoint
    09-12-2014 10:03:13 System Checkpoint
    10-12-2014 09:51:25 Software Distribution Service 3.0
    15-12-2014 11:19:34 System Checkpoint
    17-12-2014 18:45:45 System Checkpoint
    19-12-2014 10:27:10 System Checkpoint
    21-12-2014 14:34:04 System Checkpoint
    22-12-2014 13:51:03 Restore Operation
    22-12-2014 13:58:35 Software Distribution Service 3.0
    22-12-2014 15:46:26 Restore Operation
    26-12-2014 18:52:22 Removed Across Lite
    31-12-2014 13:27:45 System Checkpoint
    03-01-2015 09:34:01 System Checkpoint
    05-01-2015 08:42:34 System Checkpoint
    06-01-2015 09:38:57 System Checkpoint
    09-01-2015 15:00:45 System Checkpoint
    10-01-2015 13:22:58 Installed HP Support Solutions Framework
    10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
    11-01-2015 10:19:22 Removed HP Software Update
    12-01-2015 21:00:19 Installed HP Product Assistant
    13-01-2015 20:16:10 Restore Operation
    13-01-2015 20:22:04 Software Distribution Service 3.0
    14-01-2015 12:51:09 Removed HP Support Solutions Framework
    14-01-2015 12:53:52 Removed HP Update.
    15-01-2015 09:59:35 Restore Operation
    15-01-2015 10:14:15 Software Distribution Service 3.0
    17-01-2015 05:06:29 System Checkpoint
    18-01-2015 19:42:15 Installed HP Support Solutions Framework
    18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
    19-01-2015 08:38:01 Restore Operation
    19-01-2015 08:51:23 Restore Operation
    19-01-2015 09:06:37 Software Distribution Service 3.0
    19-01-2015 10:13:08 Restore Operation
    20-01-2015 10:58:48 System Checkpoint
    20-01-2015 12:28:41 Installed HP Support Solutions Framework
    22-01-2015 07:48:36 System Checkpoint
    23-01-2015 08:24:59 Restore Operation
    23-01-2015 08:49:34 Software Distribution Service 3.0
    23-01-2015 10:34:38 Restore Operation
    25-01-2015 16:13:08 System Checkpoint
    26-01-2015 18:38:05 System Checkpoint
    28-01-2015 08:10:41 System Checkpoint
    29-01-2015 09:41:49 System Checkpoint
    31-01-2015 21:26:22 System Checkpoint
    02-02-2015 05:55:58 System Checkpoint
    04-02-2015 11:26:21 System Checkpoint
    04-02-2015 12:35:08 Installed Microsoft Office 2000 Professional
    04-02-2015 12:44:38 Restore Operation
    04-02-2015 13:27:59 avast! antivirus system restore point
    04-02-2015 18:10:51 avast! antivirus system restore point
    04-02-2015 18:21:41 Restore Operation
    04-02-2015 18:25:35 Restore Operation
    04-02-2015 18:30:26 Restore Operation
    04-02-2015 18:36:50 Restore Operation
    04-02-2015 18:44:03 Restore Operation
    04-02-2015 18:48:52 Restore Operation
    04-02-2015 18:55:33 Restore Operation
    04-02-2015 19:01:06 Restore Operation
    04-02-2015 19:07:03 Restore Operation
    04-02-2015 19:15:28 LavasoftWeCompanion
    04-02-2015 20:30:31 LavasoftWeCompanion

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2004-08-10 12:51 - 2015-02-01 15:38 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\SHGGIKJF.job => C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
    Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
    Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

    ==================== Loaded Modules (whitelisted) ==============


    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
    AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Katy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
    Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
    HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
    Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
    SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
    Description: A content scan could not be completed on c:\.

    Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
    Description: A content scan could not be completed on c:\.

    Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application gentlemjmp_ieeuu.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
    Description: A content scan could not be completed on c:\.

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: The gatherer object cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

    Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application, SystemIndex Catalog


    Details:
    0xc0041801 (0xc0041801)

    Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: The application cannot be initialized.

    Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)


    System errors:
    =============
    Error: (02/05/2015 01:24:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
    Description: MTP WPD Driver has failed to start. Error 0x8007048f.

    Error: (02/05/2015 01:08:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    BHDrvx86
    ccSet_NIS
    SymIRON
    SYMTDI
    wpnfd_1_10_0_6

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Start Menu Video Camera service failed to start due to the following error:
    %%2

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The JO Service component service failed to start due to the following error:
    %%2

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
    %%1053

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The HP Support Solutions Framework Service service failed to start due to the following error:
    %%1053

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

    Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================
    Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
    Description: c:\

    Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
    Description: c:\

    Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: gentlemjmp_ieeuu.tmp51.52.0.0hungapp0.0.0.000000000

    Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe35.0.1.5500mozalloc.dll35.0.1.550000001425

    Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
    Description: c:\

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    The content index cannot be read. (0xc0041800)
    Search.TripoliIndexer

    Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
    Description: Context: Windows Application, SystemIndex Catalog


    Details:
    0xc0041801 (0xc0041801)

    Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
    Description: Context: Windows Application


    Details:
    The content index cannot be read. (0xc0041800)


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU 2.53GHz
    Percentage of memory in use: 30%
    Total physical RAM: 2045.98 MB
    Available physical RAM: 1423.86 MB
    Total Pagefile: 3431.36 MB
    Available Pagefile: 2921.68 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1928.27 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:52.7 GB) (Free:31.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

    ==================== End Of Log ============================

  6. #36
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Katy1,

    As you are well aware you are running an outdated operating system (Windows XP). You also have an older computer with a slower processor 2.53GHz and a minimal amount of RAM: 2045.98 MB (Random Access Memory). These are the primary contributing factors that are contributing to the slowness of your computer.

    If it is in your budget, a new computer would be your best avenue to take. If it's not, then if your computer's RAM can be expanded you could always add some new RAM modules, which are rather affordable these days. If you would like some additional information on this let me know.

    You did also state that you do not have the Windows XP installation disks, correct?

    =========================

    Multiple Anti-Virus Programs Installed

    I notice that you have both AVG Anti-Virus Free and Norton Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

    Please uninstall either AVG Anti-Virus Free or Norton Internet Security (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

    =========================

    FRST Fix Script

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

    Code:
    Start
    CloseProcesses:
    HKLM\...\Run: [gmsd_us_178] => [X]
    HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM -> DefaultScope URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
    2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
    2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
    2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
    2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
    2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
    C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
    EmptyTemp:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST and press the Fix button just once and wait.
    The tool will make a log (Fixlog.txt); please post it in your reply.

    =========================

    Re-run Farbar Recovery Scan Tool; it should be on your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • new FRST.txt
    • Any change in performance?
    OCD
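A triage sketch for the Scheduled Tasks section of an FRST log like the one in this thread, added here as an example; it is not part of the original posts and is not FRST's own logic. The three heuristics (target under a user profile, random-looking uppercase name, updater name outside its vendor folder) and all function names are assumptions; the sample lines are excerpted from the log posted above.

```python
import re
from ntpath import basename, splitext  # Windows path rules on any OS

# Sample input: lines excerpted from the "Scheduled Tasks" section of the log in this thread.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SHGGIKJF.job => C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) ==============
"""

# "Task: <job file> => <target>" with FRST's optional attention marker at the end.
TASK_RE = re.compile(
    r"^\s*Task: (?P<job>.+?\.job) => (?P<target>.+?)(?P<flag>\s*<==== ATTENTION)?\s*$"
)
# Per-user data directories (XP and later layouts) that a standard user can write to.
PROFILE_DIR_RE = re.compile(
    r"\\(Documents and Settings|Users)\\[^\\]+\\(Application Data|Local Settings|AppData)\\",
    re.IGNORECASE,
)
# Assumption: executable name -> folder fragment expected in the genuine install path.
KNOWN_UPDATERS = {"googleupdate.exe": "\\google\\"}


def looks_random(stem):
    """Heuristic: short all-uppercase alphabetic name with very few vowels."""
    if len(stem) < 5 or not stem.isalpha() or not stem.isupper():
        return False
    return sum(c in "AEIOU" for c in stem) / len(stem) < 0.25


def parse_tasks(log_text):
    """Yield (job_path, target_path, frst_flagged) from the Scheduled Tasks section only."""
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("===="):  # every FRST section header starts this way
            in_section = "Scheduled Tasks" in stripped
            continue
        match = TASK_RE.match(line) if in_section else None
        if match:
            yield match.group("job"), match.group("target"), bool(match.group("flag"))


def triage(log_text):
    """Return the tasks worth a closer look, each with the reasons it was picked."""
    findings = []
    for job, target, flagged in parse_tasks(log_text):
        exe = basename(target)
        reasons = []
        if flagged:
            reasons.append("frst-attention")
        if PROFILE_DIR_RE.search(target):
            reasons.append("target-in-user-profile")
        if looks_random(splitext(exe)[0]):
            reasons.append("random-looking-name")
        vendor_dir = KNOWN_UPDATERS.get(exe.lower())
        if vendor_dir and vendor_dir not in target.lower():
            reasons.append("updater-name-outside-vendor-dir")
        if reasons:
            findings.append({"job": basename(job), "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["job"]}: {", ".join(item["reasons"])}')
```

A hit is a prompt for review, not a verdict: legitimate software also schedules tasks from user profile folders, so each flagged target still needs to be checked before it goes into a fixlist.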

  7. #37
    Member
    Join Date
    Jan 2015
    Posts
    32

    Default AtuZi not completely removed (?)

    Hi OCD,

    - No I do not have XP installation disks.

    - AVG and Norton are not in my Add/Remove files. AVG gave me a lot of problems years ago and I thought I deleted it; same with Norton. I thought Norton was supplanted by PC Tools and later Spybot (?)

    - FRST Fix script. Won't let me cut/paste text the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O).

    I'll stop and wait for next instruction.

    Katy

  8. #38
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Katy1,

    Below are parts of the Security Check and FRST - addition.txt logs. I have highlighted the security software that you currently have installed on your machine. Just because the program doesn't show in your Add/Remove program menu doesn't necessarily mean they still aren't present on your computer.

    These show that you have Windows Firewall disabled, AVG Anti-virus disabled, Norton Anti-virus disabled and Norton Firewall disabled. And for general information SpyBot does not contain an anti-virus component unless you have the paid version.

    Are these all disabled because you were running the scan or do you no longer use them?
    Results of screen317's Security Check version 0.99.95
    Windows XP Service Pack 3 x86
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot - Search & Destroy
    Java 7 Update 71
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.296
    Adobe Reader XI
    Mozilla Firefox (35.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

    =========================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
    Ran by Katy at 2015-01-28 21:36:30
    Running from C:\Documents and Settings\Katy\Desktop
    Boot Mode: Normal

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    =========================

    Please re-enable the Windows Firewall now.

    Enable Windows Firewall in XP

    • Click Start, click Run, type Firewall.cpl, and then click OK.
    • On the General tab, click On (recommended).
    • Click OK.

    =========================

    Next, install a Free Anti-Virus

    =========================

    FRST Fix script. Won't let me cut/paste text the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O).
    You have done this step before, have you changed how you do it?

    Try this:
    • Open Notepad. Navigate to the FRST script I posted for you.
    • Next, in the "code box" above Left click the word "Start" and hold the mouse button down.
    • Drag the mouse down the text (within the code box) until you get to the word "End", release the mouse button.
    • All the text should now be highlighted.
    • Right click the highlighted text and choose "Copy"
    • Go to the open Notepad window, right click anywhere in the "white space" and choose "Paste"
    • Now save that Notepad file as "fixlist.txt" to your Desktop and follow the remainder of the instructions to process the FRST script fix.

    =========================

    In your next post please provide the following:
    • Fixlog.txt
    • new FRST.txt
    OCD

  9. #39
    Member
    Join Date
    Jan 2015
    Posts
    32

    Default AtuZi not completely removed (?)

    Hi OCD,

    -I don't know why the antiviruses are on my machine. I only use Spybot paid home version with antivirus.

    -Enabled windows firewall. Thank you!

    - did not download a free antivirus because I use Spybots.

    - (lol) I don't understand why I can't highlight the code you sent; I did it before of course, but it won't let me now. Tried repeatedly. Nada.

    Next? Thank you.

    Katy

  10. #40
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi Katy1,

    This has to do with some application that's having a lock over the Windows
    Clipboard. David Candy's application should determine the Process that's
    causing the problem.

    Download GetOpenClipboardWindow.zip from here:
    http://windowsxp.mvps.org/temp/GetOp...oardWindow.zip

    Unzip and run the tool. Post back what it reports. For best results, run
    this utility during the time you encounter the Copy<=>Paste problem.

    =========================

    NEW STEPS ADDED TO INITIAL POST

    =========================

    We are encountering a lot of issues that we shouldn't be. Let's try and repair some of those issues so we can complete our other tasks easier.

    Save these instructions to wordpad/notepad or print them out, while some of the fix will have to be done in safemode this page will not be available for you to follow.

    Reboot Windows XP in Safe Mode w/ Networking
    • Restart your computer.
    • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
    • Select the option for Safe Mode w/ Networking using the arrow keys.
    • Then press enter on your keyboard to boot into Safe Mode w/ Networking.


    =========================

    I previously had you download Tweaking All in One, please open the program again.

    Locate the Repairs tab



    Next click Open Repairs



    Select only the options as outlined in the image. Others may be selected by default



    =========================

    Reboot into Normal Mode

    =========================

    Your hard drive is severely fragmented.

    Run the Windows Defrag Tool now.
    • Open My Computer.
    • Right-click the local disk volume that you want to defragment, and then click Properties.
    • On the Tools tab, click Defragment Now.
    • Click Defragment.


    =========================

    Reboot when it has completed.

    =========================

    After the above steps have completed go back to post #36 http://forums.spybot.info/showthread...l=1#post461837 and complete the tasks requested
    Last edited by OCD; 2015-02-06 at 23:20. Reason: added additional steps
    OCD
