AtuZi not completely removed (?)

Status
Not open for further replies.
Hi OCD,

Oh boy.

-Ran malwarbites from desktop. Found 6 quarantined items. Did not find any log, searched for MBAM.log in notepad, in computer. nothing.

- Ran ESET smart installer from desktop. Would not let me run; error messages about 'symantec corporation, Norton antivirus 2014': could not find in my add/remove programs.

-Could not disable Spybot for scans.

-Could not run programs in administrative mode; right clicked; didn't work.

-Never used Chrome browser. only Firefox

Katy
 
Hi Katy1,

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Chrome
=========================

Could not run programs in administrative mode; right clicked; didn't work.
Click to expand...

  1. Can you explain in more detail?
  2. What options (if any) were you presented with when you right clicked?
  3. Do you have Administrator Privileges on the computer?

=========================

Reboot

=========================

Could not disable Spybot for scans
Click to expand...

Try these steps:

Disable Spybot Search & Destroy (temporarily)
  • Launch Spybot S & D
  • Select Mode it the top menu bar, select Advanced
  • Select the Tools sub menu on the left
  • Select the Resident from the left hand menu
  • Remove the check marks from both options in the right hand menu under "Resident Protection Status"
  • Exit Spybot
=========================

Try this other online scanner.

TrendMicro HouseCall Online Scanner
  • Go to http://housecall.trendmicro.com/
  • Download HouseCall - Free Online Scanner
  • Select get HouseCall Now, save the file to your computer.
  • Double-click to launch HouseCall
  • Click Yes for the UAC
  • Click the Scan Now button
  • Fix any problems found
  • Copy and paste the results in your next reply
=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Select the Addition box
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • Housecall results
  • FRST.txt
  • Addition.txt
  • How is the computer running?
 
Hi OCD,

Not sure if you got my last post so I'll repeat.

-could not delete Chrome from from Control Panel or Add/Remove programs so deleted it thru registry.

-could not right click on programs. They just 'hung' there. I do have administrators privileges.

- Opened Spybot Search and Destroy and clicked Advanced mode, went to Tools, and there is no 'Resident' option. I have Home version.

-I will go to Trend Micro House Calls then to Farber....

You are a saint to stick with me all this time and I thank you very much. :)

Katy
 
Hi OCD,

-Ran Trend Micro House Call; 'No Threats found'.

-rebooted

- tried to rerun Farber and was sent to OCD-WTT Bucket;

got a blank screen with a little bullseye in the middle and a popup to run Media Player;

then a screen for Windows PC Repair.

Computer running slooooow.

Katy
 
Hi Katy1,

could not delete Chrome from from Control Panel or Add/Remove programs so deleted it thru registry.
Click to expand...

It is very important that during the malware removal process you do not take any cleaning steps unless I specifically ask you to do so. I can't stress strongly enough that you do not edit the Registry in any manner. Doing so can render your computer un-bootable, and may be the cause of some of the issues you are experiencing.

could not right click on programs. They just 'hung' there. I do have administrators privileges.
Click to expand...

When you right click on the executable file, do you get an expanded menu of options?
If so, what are the menu options?

Opened Spybot Search and Destroy and clicked Advanced mode, went to Tools, and there is no 'Resident' option. I have Home version.
Click to expand...

Try the instructions provided here >> http://www.safer-networking.org/faq/how-to-disable-spybot-sd-temporarily/

- tried to rerun Farber and was sent to OCD-WTT Bucket;

got a blank screen with a little bullseye in the middle and a popup to run Media Player;

then a screen for Windows PC Repair.
Click to expand...

I'm a bit confused as to why you are experiencing these issues.

=========================

System File Checker (SFC)
  • Click on the Start button and in the Search programs and files box type the following:
    • command
  • Don't press Enter, just let the search results populate above.
  • In the search results, locate the Programs section.
  • Locate the Command Prompt shortcut and right-click on it.
  • Select Run as administrator.
  • Click Yes on the User Account Control window that appears.
  • Important: If you see a User Account Control window but also a message that says To continue, type an administrator password, and then click Yes, then your user account must be a standard account, not an administrator account. Before you can click Yes and open an elevated command prompt, you'll need to type the password of another user on your Windows 7 computer that has administrator level privileges.
  • Note: You will not see this window at all if your User Account Control settings are turned all the way down. See How To Disable User Account Control in Windows 7 for more information.
  • An elevated Command Prompt window will appear.
    • Type: sfc /scannow (There's a space between sfc and /scannow.) , then hit Enter
  • Let the check run to completion. DO NOT reboot the PC or close the cmd window.
  • Copy & Paste the following command at the Command Prompt and press Enter:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Copy and Paste the contents of the file into your next post.
  • After the scan runs type exit to close the command prompt window
=========================

In your next post please provide the following:
  • sfcdetails.txt
 
Hi OCD,

-followed instruction you provided on Spybot; would did not show a 'resident' listing in Advanced mode, tools.

- when I right clicked on executable files I got nothing; no listings, nada.

- System file checker sent me to bullseye_zpsect36, where I got OCD-WTT bucket list, media player popup, etc. :(

Thank you,

katy
 
Hi Katy,

Please read the instructions all the way through before beginning so you are familiar with the steps you are about to take. You can even print them out for easier reference.

System file checker sent me to bullseye_zpsect36, where I got OCD-WTT bucket list, media player popup, etc. :(
Click to expand...

If I am not mistaken, I think you are clicking on this image and trying to proceed from there. That little "bulls-eye" is just a marker for each new step, not a click-able link for that step.

when I right clicked on executable files I got nothing; no listings, nada.
Click to expand...

When you right click on an executable file you should see a menu similar to this?



Pick any desktop icon and try it. Your menu may be different, but does it include Run as Administrator?

Please also retry the System File Checker from my previous post again. Don't worry about disabling Spybot for now.
 
Hi OCD,

you're right, I was clicking on the 'bullseye'.

I do read all the instructions all the way thru but i didn't want/don't want to make mistakes so I was copying ever message each day. oh boy. doh!

I right clicked on icons on my desktop and never get run as administrator or the menu you provided as an example.

I will reload system file checker. thanks.

Katy
 
Hi OCD,

you're right, I was clicking on the 'bullseye'.

I do read all the instructions all the way thru but i didn't want/don't want to make mistakes so I was copying ever message each day. oh boy. doh!

I right clicked on icons on my desktop and never get run as administrator or the menu you provided as an example.

I will reload system file checker. thanks.

Katy
 
can't get back to where I was to down load system file checker. I googled it and got microsoft sites for techies. (?)
 
Hi Katy1,

Let's try a different approach to System File Checker.

Download Tweaking.com Windows Repair from here or here and save it to your desktop.
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
=========================

Click on Step 4 Optional



Locate the Do It button as indicated in the image.

Let the scan complete and post the results after the scan has finished

In your next post please provide the following:
  • SFC Scan results
 
Hi OCD,

Having terrible problems. Again I right clicked on Tweaking.com, run as, and there were no options. I ran DOIT and could not find the SFC Scan results file. I am trying again now.

Yesterday I got all sorts of malware, which I finally deleted from add/remove programs:GAMESDESKTOP, VOPackage, Techgile, windows registry cleaner (?)BetterDeals, CinemaP.19cVO4oa, /ContentExplorer,ConvertAd,IGSmugscm /renite/desjtio/access(VuuPC)SmartWeb,SoftwareWatcher,WebCompanion/AdAware (ad awares good!!!), WinCheck,WordProsprl.m.0.6,....I'm grateful and surprised i got back here. I deleted and reinstalled spybot also.

On to Tweaking again

Best,
Katy
 
OCD,

Yes, I forgot. I don't have a windows CD but ran Tweaking anyway; I have MicrosoftOffice CDs that I reinstalled and they weren't helpful. And all the aforementioned malmare got in. ahh...what now (besides hanging myself!) lol

Katy

AtuZi be damned ;(
 
Hi Katy1,

Please refer back to my instructions in post #2, and repeated again in post #25

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

It is very important that you stop removing any software on your own. If you contract additional malware, let me know. Making changes to your system without my supervision will only delay the cleaning process. Also, if it happens it will be reflected in a subsequent scan.

=========================

Did the Tweaking SFC scan run to completion? If so, don't worry about the log.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Select the Addition box
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make (Addition.txt). Please attach it to your reply
=========================

In your next post please provide the following:
  • FRST.txt
  • Addition.txt
 
Hi OCD! :)

Yes, Tweaking SFC did run thru.

ran Farber. Attaching FRST.txt and Addition.txt

Thankkkkkk you.
Katy
............Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-02-2015 01
Ran by Katy (administrator) on D5TBBCB1 on 05-02-2015 13:31:28
Running from C:\Documents and Settings\Katy\Desktop
Loaded Profiles: Katy (Available profiles: Katy)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DMXLauncher] => C:\Program Files\Dell\Media Experience\DMXLauncher.exe [98304 2006-05-03] ()
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe
HKLM\...\Run: [ISUSPM Startup] => "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2009-05-19] (Analog Devices, Inc.)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\...\RunOnce: [Adobe Speed Launcher] => 1423159303
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONMHP&conlogo=CT3331981
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Katy\Application Data\Mozilla\Firefox\Profiles\rwde3gyy.default-1423158602250
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\Exts\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-13] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-18] (Oracle Corporation)
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel(R) Corporation) [File not signed]
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 serverjo; C:\Documents and Settings\Katy\Application Data\VOPackage\JOSrv.exe [X]
S2 womufoji; C:\Documents and Settings\Katy\Application Data\VOPackage\nsx96.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 6195; C:\WINDOWS\System32\DRIVERS\6195 [9072 2011-11-18] ()
S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\WINDOWS\system32\Drivers\bvrp_pci.sys [4272 2004-03-24] () [File not signed]
S1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1501000.012\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) [File not signed]
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) [File not signed]
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) [File not signed]
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) [File not signed]
R0 DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [89264 2005-09-12] (Sonic Solutions) [File not signed]
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) [File not signed]
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-31] (Symantec Corporation)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49664 2006-04-12] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2006-04-12] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2006-04-12] (HP)
S3 netrcacm; C:\WINDOWS\System32\DRIVERS\netrcacm.sys [20648 2003-04-02] (Thomson Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46248 2013-10-10] ()
S3 SRTSP; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSP.SYS [651352 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1501000.012\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1501000.012\SYMEFA.SYS [935512 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-14] (Symantec Corporation)
S1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1501000.012\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\system32\drivers\NIS\1501000.012\SYMTDI.SYS [421592 2013-09-25] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 2980; System32\DRIVERS\2980 [X]
S3 Avgfwdx; system32\DRIVERS\avgfwdx.sys [X]
S3 Avgfwfd; system32\DRIVERS\avgfwdx.sys [X]
S1 BHDrvx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx86.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Katy\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IDSxpx86; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140219.001\IDSxpx86.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140220.003\NAVEX15.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 13:31 - 2015-02-05 13:31 - 00014240 _____ () C:\Documents and Settings\Katy\Desktop\FRST.txt
2015-02-05 13:31 - 2015-02-05 13:31 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\FRST-OlderVersion
2015-02-05 12:38 - 2015-02-05 12:38 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Old Firefox Data
2015-02-05 08:39 - 2015-02-05 08:39 - 00001812 _____ () C:\Documents and Settings\Katy\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-05 08:29 - 2015-02-05 08:29 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\Program Files\Programs\Tweaking.com
2015-02-05 08:28 - 2015-02-05 08:28 - 10318832 _____ () C:\Documents and Settings\Katy\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
2015-02-04 19:29 - 2015-02-04 19:29 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\Mozilla
2015-02-04 19:20 - 2015-02-05 13:09 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-04 19:20 - 2015-02-04 19:20 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-04 19:19 - 2015-02-04 19:19 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2015-02-04 19:19 - 2015-02-04 19:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-04 19:19 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-02-04 19:16 - 2015-02-04 19:16 - 00004512 _____ () C:\WINDOWS\system32\LavasoftTcpService.ini
2015-02-04 19:16 - 2015-02-04 19:16 - 00002400 _____ () C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-02-04 19:16 - 2015-01-23 06:39 - 00332216 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll
2015-02-04 18:58 - 2015-02-05 13:30 - 00000000 ____D () C:\Documents and Settings\Katy\Desktop\ocd atuzi tools
2015-02-04 12:48 - 2015-02-05 13:31 - 00000000 ____D () C:\FRST
2015-02-04 12:48 - 2015-02-04 12:48 - 00000000 ____D () C:\AdwCleaner
2015-02-04 12:29 - 2015-02-04 12:29 - 00000415 _____ () C:\WINDOWS\WINNT32.LOG
2015-02-04 12:17 - 2010-07-12 07:55 - 00218112 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD62D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00041029 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD647.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00036937 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD644.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00029760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64D.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00028288 _____ () C:\WINDOWS\system32\dllcache\xjis.nls
2015-02-04 12:17 - 2004-08-04 05:00 - 00005632 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD630.tmp
2015-02-04 12:17 - 2004-08-04 05:00 - 00004677 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD64A.tmp
2015-02-04 12:16 - 2004-08-04 05:00 - 00119808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD623.tmp
2015-02-04 12:15 - 2013-07-16 19:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5E5.tmp
2015-02-04 12:15 - 2004-08-04 05:00 - 00032339 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD5DF.tmp
2015-02-04 12:11 - 2008-04-13 19:12 - 00538624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD573.tmp
2015-02-04 12:11 - 2004-08-04 05:00 - 00056832 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD561.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 02178131 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD519.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00066113 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD516.tmp
2015-02-04 12:09 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51C.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00753236 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CC.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00048706 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4C9.tmp
2015-02-04 12:07 - 2004-08-04 05:00 - 00042574 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD4CF.tmp
2015-02-04 12:06 - 2008-04-13 19:12 - 00281088 ____C (Cinematronics) C:\WINDOWS\system32\dllcache\OLD486.tmp
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prcp.nls
2015-02-04 12:06 - 2004-08-04 05:00 - 00083748 _____ () C:\WINDOWS\system32\dllcache\prc.nls
2015-02-04 12:04 - 2013-07-03 21:08 - 02028544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD43B.tmp
2015-02-04 12:02 - 2009-12-16 13:43 - 00343040 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3FC.tmp
2015-02-04 12:02 - 2004-08-04 05:00 - 00126976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD3F3.tmp
2015-02-04 12:00 - 2004-08-04 05:00 - 00047066 _____ () C:\WINDOWS\system32\dllcache\ksc.nls
2015-02-04 11:57 - 2004-08-04 05:00 - 01175635 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30C.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00057409 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD309.tmp
2015-02-04 11:57 - 2004-08-04 05:00 - 00042573 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD30F.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00605696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2D8.tmp
2015-02-04 11:56 - 2004-08-04 05:00 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD2C3.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2B2.tmp
2015-02-04 11:56 - 2001-08-17 12:10 - 00022090 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD2AF.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD26B.tmp
2015-02-04 11:54 - 2001-08-17 12:10 - 00019996 _____ (3Com Corporation) C:\WINDOWS\system32\dllcache\OLD268.tmp
2015-02-04 11:52 - 2008-04-13 19:12 - 00102912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A2.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 01039955 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1AB.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00780885 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD186.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00217160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD1A8.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00080384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD17D.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00042575 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD189.tmp
2015-02-04 11:52 - 2004-08-04 05:00 - 00040515 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD183.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 01817687 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD7.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00195618 _____ () C:\WINDOWS\system32\dllcache\c_10002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00189986 _____ () C:\WINDOWS\system32\dllcache\c_1361.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00187938 _____ () C:\WINDOWS\system32\dllcache\c_20005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00186402 _____ () C:\WINDOWS\system32\dllcache\c_20001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00185378 _____ () C:\WINDOWS\system32\dllcache\c_20003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180770 _____ () C:\WINDOWS\system32\dllcache\c_20932.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00180258 _____ () C:\WINDOWS\system32\dllcache\c_20000.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_20949.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00177698 _____ () C:\WINDOWS\system32\dllcache\c_10003.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20936.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_20002.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00173602 _____ () C:\WINDOWS\system32\dllcache\c_10008.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00162850 _____ () C:\WINDOWS\system32\dllcache\c_10001.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00114688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD14E.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082501 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDD4.tmp
2015-02-04 11:51 - 2004-08-04 05:00 - 00082172 _____ () C:\WINDOWS\system32\dllcache\bopomofo.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066728 _____ () C:\WINDOWS\system32\dllcache\big5.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_864.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_862.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_858.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066594 _____ () C:\WINDOWS\system32\dllcache\c_720.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_870.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_708.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_28596.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21027.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_21025.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20924.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20880.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20871.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20838.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20833.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20424.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20423.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20420.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20297.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20290.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20285.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20284.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20280.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20278.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20277.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20273.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20269.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20108.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20107.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20106.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_20105.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1149.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1148.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1147.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1146.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1145.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1144.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1143.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1142.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1141.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1140.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_1047.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10005.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00066082 _____ () C:\WINDOWS\system32\dllcache\c_10004.nls
2015-02-04 11:51 - 2004-08-04 05:00 - 00042577 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLDDA.tmp
2015-02-04 11:49 - 2013-07-03 22:03 - 02149888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\OLD51.tmp
2015-02-03 11:24 - 2015-02-03 11:24 - 00017025 _____ () C:\Documents and Settings\Katy\Desktop\stoicism nyt 2 2 15.txt
2015-02-03 11:15 - 2015-02-03 11:20 - 00000092 _____ () C:\Documents and Settings\Katy\Desktop\stoic.txt
2015-02-02 14:32 - 2015-02-02 14:32 - 00170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 00150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2015-02-02 13:56 - 2015-02-02 13:56 - 00000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache
2015-02-02 10:44 - 2015-02-02 10:44 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-02-01 20:09 - 2015-02-03 09:09 - 00018944 _____ () C:\Documents and Settings\Katy\Desktop\FEBRUARY SPENDING RECORD 2015.xls
2015-02-01 15:38 - 2015-01-16 09:32 - 00450775 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150201-153831.backup
2015-01-29 14:14 - 2015-01-29 14:14 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-29 13:46 - 2015-01-29 13:46 - 00053106 _____ () C:\Documents and Settings\Katy\Desktop\win 7 ultimate guide 1 29 15.txt
2015-01-28 21:28 - 2015-02-05 13:31 - 01123328 _____ (Farbar) C:\Documents and Settings\Katy\Desktop\FRST.exe
2015-01-26 18:24 - 2015-02-04 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 11:12 - 2015-01-25 11:12 - 00002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-01-25 11:12 - 2015-01-25 11:12 - 00001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-01-24 09:23 - 2015-01-24 09:25 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\POT STOX
2015-01-24 08:46 - 2015-01-24 08:46 - 00000331 _____ () C:\Documents and Settings\Katy\My Documents\be careful.txt
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Hewlett-Packard
2015-01-23 10:47 - 2015-01-23 10:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
2015-01-23 10:44 - 2015-01-23 10:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AdZe MiXXe
2015-01-23 07:19 - 2015-01-23 07:19 - 00013620 ____C () C:\Documents and Settings\Katy\My Documents\shais taub the steps we took etc.txt
2015-01-20 12:32 - 2015-01-18 20:43 - 00104194 ____C () C:\WINDOWS\hpoins04.dat.temp
2015-01-20 12:32 - 2004-06-22 10:04 - 00017176 ____C () C:\WINDOWS\hpomdl04.dat.temp
2015-01-20 12:32 - 2004-04-13 03:10 - 00581632 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotscl.dll
2015-01-20 12:32 - 2004-04-13 03:10 - 00090112 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst08.dll
2015-01-20 12:32 - 2004-03-14 05:32 - 00278528 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpgwiamd.dll
2015-01-20 12:31 - 2004-04-07 09:34 - 00196608 _____ (HP) C:\WINDOWS\system32\hpzcoi10.dll
2015-01-20 12:31 - 2004-04-07 09:33 - 00344064 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\hpzcon10.dll
2015-01-20 12:31 - 2004-03-14 05:43 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt10.dll
2015-01-20 12:28 - 2015-01-23 10:47 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-01-20 12:28 - 2015-01-23 08:26 - 00000000 ____D () C:\Program Files\Hp
2015-01-20 09:54 - 2015-01-20 09:54 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\ProcAlyzer Dumps
2015-01-18 21:01 - 2015-02-02 21:01 - 00000302 _____ () C:\WINDOWS\Tasks\WebReg officejet 4200 series.job
2015-01-18 21:01 - 2015-01-18 21:01 - 00001053 ____C () C:\_Sid.txt
2015-01-18 20:11 - 2015-01-18 20:11 - 00000000 ____D () C:\Program Files\Common Files\HP
2015-01-18 20:09 - 2015-01-18 20:09 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2015-01-18 19:58 - 2015-01-20 12:34 - 00102032 _____ () C:\WINDOWS\hpoins04.dat
2015-01-18 19:58 - 2004-06-22 06:20 - 00017218 ____C () C:\WINDOWS\hpomdl04.dat
2015-01-16 09:32 - 2015-01-09 14:14 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150116-093242.backup
2015-01-13 20:11 - 2015-01-23 08:43 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\{7477016f-6628-718d-7477-7016f66205bd}
2015-01-12 20:52 - 2015-01-12 20:53 - 00059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2015-01-12 20:52 - 2015-01-12 20:52 - 00002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-11 10:21 - 2015-01-11 10:21 - 00074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-01-10 16:18 - 2015-01-10 16:18 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\Image Zone Express
2015-01-10 13:23 - 2015-01-10 13:23 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Hewlett-Packard
2015-01-09 14:14 - 2015-01-06 11:39 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150109-141431.backup
2015-01-06 11:39 - 2015-01-03 09:12 - 00450775 ___RC () C:\WINDOWS\system32\Drivers\etc\hosts.20150106-113903.backup

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 13:31 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Temp
2015-02-05 13:24 - 2012-04-04 07:16 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 13:24 - 2012-04-04 07:16 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-05 13:24 - 2011-12-09 09:38 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-05 13:08 - 2011-02-22 08:01 - 01611824 ____C () C:\WINDOWS\WindowsUpdate.log
2015-02-05 13:04 - 2011-02-22 08:01 - 00000159 ____C () C:\WINDOWS\wiadebug.log
2015-02-05 13:04 - 2011-02-22 08:01 - 00000048 ____C () C:\WINDOWS\wiaservc.log
2015-02-05 13:01 - 2014-04-03 12:42 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-02-05 13:01 - 2004-08-10 13:08 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2015-02-05 13:00 - 2014-08-13 18:38 - 00065536 ____C () C:\WINDOWS\system32\config\SpybotSD.evt
2015-02-05 13:00 - 2012-08-27 16:05 - 00032622 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-05 13:00 - 2011-11-18 19:18 - 00196608 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2015-02-05 13:00 - 2006-07-22 16:51 - 00000278 __SHC () C:\Documents and Settings\Katy\ntuser.ini
2015-02-05 12:56 - 2011-01-13 16:15 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-02-05 12:56 - 2006-07-17 19:17 - 00000254 _____ () C:\boot.ini
2015-02-05 10:00 - 2014-07-20 20:09 - 00026583 _____ () C:\WINDOWS\setupact.log
2015-02-05 08:59 - 2012-03-21 06:39 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\NA
2015-02-05 08:59 - 2012-01-11 21:34 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\FUN
2015-02-05 08:59 - 2011-12-09 20:03 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\AA
2015-02-05 07:18 - 2004-08-10 12:51 - 00002206 ____C () C:\WINDOWS\system32\wpa.dbl
2015-02-04 20:50 - 2008-04-01 07:21 - 00006848 ____C () C:\WINDOWS\wininit.ini
2015-02-04 20:34 - 2014-02-21 15:08 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Lavasoft
2015-02-04 19:45 - 2014-08-12 09:15 - 00131072 ____C () C:\WINDOWS\system32\config\Spybot -.evt
2015-02-04 19:43 - 2014-07-30 18:48 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Adobe
2015-02-04 19:41 - 2014-07-30 18:43 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-04 19:40 - 2006-08-01 20:48 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-02-04 19:28 - 2014-08-12 09:14 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-04 18:59 - 2014-02-24 10:33 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-02-04 18:58 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\Google
2015-02-04 12:57 - 2011-12-10 22:39 - 00002487 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-02-04 12:49 - 2006-07-22 16:51 - 00000000 ____D () C:\Documents and Settings\Katy
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-04 12:49 - 2004-08-10 13:08 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-04 12:49 - 2004-08-10 13:02 - 00000000 ____D () C:\WINDOWS\Registration
2015-02-04 12:45 - 2011-12-10 22:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-02-04 12:39 - 2014-10-12 17:25 - 00173971 ____C () C:\WINDOWS\setupapi.log
2015-02-04 12:37 - 2004-08-10 12:51 - 00001329 ____C () C:\WINDOWS\win.ini
2015-02-04 12:36 - 2011-11-23 14:56 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2015-02-04 12:36 - 2004-08-10 12:57 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-04 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Media
2015-02-04 12:35 - 2006-08-05 18:58 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-04 12:34 - 2004-08-10 13:04 - 00000000 ____D () C:\Program Files\microsoft frontpage
2015-02-04 12:34 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\system
2015-02-04 12:29 - 2011-12-05 09:57 - 00000853 ____C () C:\WINDOWS\DHCPUPG.LOG
2015-02-04 09:29 - 2012-07-03 07:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-03 10:38 - 2011-12-21 12:30 - 00000000 ___DC () C:\8fd3818fadf89c2779d8860803ef0cab
2015-02-03 08:58 - 2004-08-10 13:08 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2015-02-02 10:42 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\Help
2015-02-01 14:24 - 2004-08-10 13:04 - 00000175 ____C () C:\WINDOWS\control.ini
2015-01-31 17:34 - 2011-12-10 22:39 - 00002489 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-01-31 09:02 - 2009-03-16 09:58 - 00000420 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job
2015-01-27 20:21 - 2006-08-05 19:02 - 00059312 ____C () C:\Documents and Settings\Katy\Application Data\GDIPFONTCACHEV1.DAT
2015-01-24 20:25 - 2014-10-18 22:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-01-24 19:50 - 2014-03-27 10:02 - 00002565 ____C () C:\Documents and Settings\Katy\Desktop\Microsoft Calculator Plus.lnk
2015-01-24 09:21 - 2011-12-09 20:04 - 00000000 ____D () C:\Documents and Settings\Katy\My Documents\MONEY
2015-01-23 10:49 - 2008-12-11 09:27 - 00243128 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-23 10:44 - 2013-08-14 07:20 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-23 10:43 - 2006-07-17 19:17 - 00000000 ___DC () C:\dell
2015-01-23 10:43 - 2006-07-17 19:11 - 00000000 ____D () C:\i386
2015-01-23 08:26 - 2011-12-08 21:07 - 00000000 ___DC () C:\unzipped
2015-01-22 09:24 - 2014-10-02 10:36 - 00002027 ____C () C:\Documents and Settings\Katy\My Documents\swank critical.txt
2015-01-20 13:10 - 2011-12-18 12:21 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2015-01-20 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\twain_32
2015-01-20 12:34 - 2008-12-03 11:55 - 00012964 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-01-20 12:30 - 2006-07-22 19:36 - 00059312 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-20 11:31 - 2014-07-20 18:28 - 00000724 ____C () C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-01-20 11:31 - 2011-12-08 20:32 - 00000730 ____C () C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-15 10:14 - 2006-07-23 08:43 - 110348472 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-14 12:36 - 2004-08-10 12:52 - 00000000 ____D () C:\WINDOWS\pchealth
2015-01-12 21:00 - 2009-08-15 14:23 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HpUpdate
2015-01-11 11:05 - 2011-12-09 08:41 - 00000000 ____D () C:\Program Files\Savings Bond Wizard
2015-01-10 13:36 - 2008-12-03 13:12 - 00000000 ____D () C:\Documents and Settings\Katy\Application Data\HP
2015-01-08 15:00 - 2014-04-03 12:42 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2006-08-27 16:27 - 2008-07-26 19:15 - 0004096 ____C () C:\Documents and Settings\Katy\Application Data\dvd.bmk
2015-01-12 20:52 - 2015-01-12 20:52 - 0002048 ____C () C:\Documents and Settings\Katy\Application Data\HPSU_48BitScanUpdate.log
2015-01-12 20:52 - 2015-01-12 20:53 - 0059328 ____C () C:\Documents and Settings\Katy\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
2006-07-28 06:32 - 2006-07-28 06:32 - 0012358 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JCM.{PB
2006-07-28 06:32 - 2006-07-28 06:32 - 0061678 ____C () C:\Documents and Settings\Katy\Application Data\PFP120JPR.{PB
2015-01-25 11:12 - 2015-01-25 11:12 - 0002086 _____ () C:\Documents and Settings\Katy\Application Data\PHRDQX
2015-02-04 19:42 - 2015-02-04 19:42 - 1513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-01-25 11:12 - 2015-01-25 11:12 - 0001248 _____ () C:\Documents and Settings\Katy\Application Data\SHGGIKJF
2015-02-04 19:41 - 2015-02-04 19:41 - 2002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-01-11 10:21 - 2015-01-11 10:21 - 0074143 ____C () C:\Documents and Settings\Katy\Application Data\Update_HP_RedboxHprblog_HPSU.log
2015-02-02 14:32 - 2015-02-02 14:32 - 0170998 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\ars.cache
2015-02-02 14:32 - 2015-02-02 14:32 - 0150328 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\census.cache
2008-08-24 17:23 - 2011-01-12 10:24 - 0004608 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-07-23 07:45 - 2006-07-23 07:45 - 0000127 ____C () C:\Documents and Settings\Katy\Local Settings\Application Data\fusioncache.dat
2015-02-02 13:56 - 2015-02-02 13:56 - 0000036 _____ () C:\Documents and Settings\Katy\Local Settings\Application Data\housecall.guid.cache

Some content of TEMP:
====================
C:\Documents and Settings\Katy\Local Settings\Temp\8594.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-02-2015 01
Ran by Katy at 2015-02-05 13:32:49
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

aaquotes (HKLM\...\ST5UNST #1) (Version: - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1703.41614 - ABBYY Software House)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AiO_Scan (Version: 43.0.217.000 - Hewlett-Packard) Hidden
AOLIcon (Version: 1.00.0000 - Dell) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Documentation & Support Launcher (HKLM\...\{B0DF58A2-40DF-4465-AA56-38623EC9938C}) (Version: 1.00.0000 - Dell Inc.)
e-AA lite (HKLM\...\e-AA lite_is1) (Version: v1.11 - The Anonymous Press)
ELIcon (Version: 1.00.0000 - Dell) Hidden
Enterprise (Version: 43.0.217.000 - Hewlett-Packard) Hidden
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP PSC & Officejet 4.2 Corporate Edition (HKLM\...\{AC1314E7-D28C-40A1-B322-80D2868D35CE}) (Version: - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
InstantShareAlert (Version: 1.00.0000 - HP) Hidden
Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Intel(R) PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Mah Jongg - The REAL Game! (HKLM\...\Mah Jongg - The REAL Game!) (Version: - )
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft Calculator Plus (HKLM\...\{83073C45-3003-4671-9A86-243AAADD915A}) (Version: 1.0.0 - Microsoft)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.12 - BVRP Software, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Professor Teaches Access 2000 (HKLM\...\Professor Teaches Access 2000) (Version: - )
Professor Teaches Access 2002 (HKLM\...\Professor Teaches Access 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Excel 2000 (HKLM\...\Professor Teaches Excel 2000) (Version: - )
Professor Teaches Excel 2002 (HKLM\...\Professor Teaches Excel 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches FrontPage 2002 (HKLM\...\Professor Teaches FrontPage 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Outlook 2000 (HKLM\...\Professor Teaches Outlook 2000) (Version: - )
Professor Teaches Outlook 2002 (HKLM\...\Professor Teaches Outlook 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches PowerPoint 2000 (HKLM\...\Professor Teaches PowerPoint 2000) (Version: - )
Professor Teaches PowerPoint 2002 (HKLM\...\Professor Teaches PowerPoint 2002) (Version: 3.0 - Individual Software, Inc.)
Professor Teaches Windows XP Home Edition (HKLM\...\Professor Teaches Windows XP Home Edition) (Version: 4.0 - Individual Software, Inc.)
Professor Teaches Word 2000 (HKLM\...\Professor Teaches Word 2000) (Version: - )
Professor Teaches Word 2002 (HKLM\...\Professor Teaches Word 2002) (Version: 3.0 - Individual Software, Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version: - )
Scan (Version: 4.1.0.0 - Hewlett-Packard) Hidden
Scrabble (HKLM\...\Scrabble) (Version: - )
Search Assist (HKLM\...\{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}) (Version: 1.00.0000 - Dell)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version: - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Wellness (HKLM\...\{E7DB1937-44D9-4DD7-9704-46BDCACD9DD0}) (Version: 4.5 - Zentrum Publishing)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0018.5 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20061107.210142 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version: 9.0 (6028) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Katy\Application Data\Dropbox\bin\Dropbox.exe /wiacallback No File

==================== Restore Points =========================

07-12-2014 03:01:58 System Checkpoint
09-12-2014 10:03:13 System Checkpoint
10-12-2014 09:51:25 Software Distribution Service 3.0
15-12-2014 11:19:34 System Checkpoint
17-12-2014 18:45:45 System Checkpoint
19-12-2014 10:27:10 System Checkpoint
21-12-2014 14:34:04 System Checkpoint
22-12-2014 13:51:03 Restore Operation
22-12-2014 13:58:35 Software Distribution Service 3.0
22-12-2014 15:46:26 Restore Operation
26-12-2014 18:52:22 Removed Across Lite
31-12-2014 13:27:45 System Checkpoint
03-01-2015 09:34:01 System Checkpoint
05-01-2015 08:42:34 System Checkpoint
06-01-2015 09:38:57 System Checkpoint
09-01-2015 15:00:45 System Checkpoint
10-01-2015 13:22:58 Installed HP Support Solutions Framework
10-01-2015 13:54:01 Printer Driver HP Officejet 5600 series fax Installed
11-01-2015 10:19:22 Removed HP Software Update
12-01-2015 21:00:19 Installed HP Product Assistant
13-01-2015 20:16:10 Restore Operation
13-01-2015 20:22:04 Software Distribution Service 3.0
14-01-2015 12:51:09 Removed HP Support Solutions Framework
14-01-2015 12:53:52 Removed HP Update.
15-01-2015 09:59:35 Restore Operation
15-01-2015 10:14:15 Software Distribution Service 3.0
17-01-2015 05:06:29 System Checkpoint
18-01-2015 19:42:15 Installed HP Support Solutions Framework
18-01-2015 20:14:22 Printer Driver hp officejet 4200 series fax Installed
19-01-2015 08:38:01 Restore Operation
19-01-2015 08:51:23 Restore Operation
19-01-2015 09:06:37 Software Distribution Service 3.0
19-01-2015 10:13:08 Restore Operation
20-01-2015 10:58:48 System Checkpoint
20-01-2015 12:28:41 Installed HP Support Solutions Framework
22-01-2015 07:48:36 System Checkpoint
23-01-2015 08:24:59 Restore Operation
23-01-2015 08:49:34 Software Distribution Service 3.0
23-01-2015 10:34:38 Restore Operation
25-01-2015 16:13:08 System Checkpoint
26-01-2015 18:38:05 System Checkpoint
28-01-2015 08:10:41 System Checkpoint
29-01-2015 09:41:49 System Checkpoint
31-01-2015 21:26:22 System Checkpoint
02-02-2015 05:55:58 System Checkpoint
04-02-2015 11:26:21 System Checkpoint
04-02-2015 12:35:08 Installed Microsoft Office 2000 Professional
04-02-2015 12:44:38 Restore Operation
04-02-2015 13:27:59 avast! antivirus system restore point
04-02-2015 18:10:51 avast! antivirus system restore point
04-02-2015 18:21:41 Restore Operation
04-02-2015 18:25:35 Restore Operation
04-02-2015 18:30:26 Restore Operation
04-02-2015 18:36:50 Restore Operation
04-02-2015 18:44:03 Restore Operation
04-02-2015 18:48:52 Restore Operation
04-02-2015 18:55:33 Restore Operation
04-02-2015 19:01:06 Restore Operation
04-02-2015 19:07:03 Restore Operation
04-02-2015 19:15:28 LavasoftWeCompanion
04-02-2015 20:30:31 LavasoftWeCompanion

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 12:51 - 2015-02-01 15:38 - 00450775 ___RC C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 1spybot.com
127.0.0.1 www.1spybot.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stsearchportal.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 2-2005-search.com
127.0.0.1 www.2-2005-search.com
127.0.0.1 2.82211.net
127.0.0.1 2006ooo.com
127.0.0.1 www.2006ooo.com
127.0.0.1 2007-download.com
127.0.0.1 www.2007-download.com
127.0.0.1 2008-search-destroy.com
127.0.0.1 www.2008-search-destroy.com
127.0.0.1 2008-viewer.com
127.0.0.1 www.2008-viewer.com
127.0.0.1 2008firefox.com
127.0.0.1 www.2008firefox.com
127.0.0.1 2008search-destroy.com
127.0.0.1 www.2008search-destroy.com
127.0.0.1 2009--access.com
127.0.0.1 www.2009--access.com
127.0.0.1 2009-edition.com
127.0.0.1 www.2009-edition.com
127.0.0.1 2009-phone.com
127.0.0.1 www.2009-phone.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SHGGIKJF.job => C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\WINDOWS\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{FF912A38-04AF-4DEA-99F3-FBFD6C3CAF34}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WebReg officejet 4200 series.job => C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) ==============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\explorer.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\explorer.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:SummaryInformation
AlternateDataStreams: C:\WINDOWS\wmp11Uninst.log:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2BDCFAD6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:2D5907B8
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D158BAF9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Katy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1226216386-1621485569-1288477537-500 - Administrator - Enabled)
Guest (S-1-5-21-1226216386-1621485569-1288477537-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1226216386-1621485569-1288477537-1005 - Limited - Disabled)
Katy (S-1-5-21-1226216386-1621485569-1288477537-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Katy
SUPPORT_388945a0 (S-1-5-21-1226216386-1621485569-1288477537-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application gentlemjmp_ieeuu.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 35.0.1.5500, faulting module mozalloc.dll, version 35.0.1.5500, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
Description: A content scan could not be completed on c:\.

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog


Details:
0xc0041801 (0xc0041801)

Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)


System errors:
=============
Error: (02/05/2015 01:24:59 PM) (Source: WPDMTPDriver) (EventID: 15300) (User: )
Description: MTP WPD Driver has failed to start. Error 0x8007048f.

Error: (02/05/2015 01:08:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
ccSet_NIS
SymIRON
SYMTDI
wpnfd_1_10_0_6

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Start Menu Video Camera service failed to start due to the following error:
%%2

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The JO Service component service failed to start due to the following error:
%%2

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Norton Internet Security service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HP Support Solutions Framework Service service to connect.

Error: (02/05/2015 01:05:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/05/2015 01:09:03 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/05/2015 07:24:06 AM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/04/2015 08:58:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: gentlemjmp_ieeuu.tmp51.52.0.0hungapp0.0.0.000000000

Error: (02/04/2015 07:16:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.5500mozalloc.dll35.0.1.550000001425

Error: (02/04/2015 07:13:35 PM) (Source: Ci) (EventID: 4118) (User: )
Description: c:\

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index cannot be read. (0xc0041800)
Search.TripoliIndexer

Error: (02/04/2015 07:06:49 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
0xc0041801 (0xc0041801)

Error: (02/04/2015 06:48:41 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
The content index cannot be read. (0xc0041800)


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of memory in use: 30%
Total physical RAM: 2045.98 MB
Available physical RAM: 1423.86 MB
Total Pagefile: 3431.36 MB
Available Pagefile: 2921.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.7 GB) (Free:31.16 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Backup) (Fixed) (Total:18.61 GB) (Free:18.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.1 GB) - (Type=DB)

==================== End Of Log ============================
 
Hi Katy1,

As you are well aware you are running an out dated operating system (Windows XP). You also have an older computer with a slower processor 2.53GHz and a minimal amount of RAM : 2045.98 MB (Random Access Memory). These are the primary contributing factors that are contributing to the slowness of your computer.

If it is in your budget an new computer would be your best avenue to take. If it's not, the if your computer's RAM can be expanded you could always add some new RAM modules which is rather affordable these days. If you would like some additional information on this let me know.

You did also stated that you do not have the Windows XP installation disks, correct?

=========================

Multiple Anti-Virus Programs Installed

I notice that you have both AVG Anti-Virus Free and Norton Internet Security installed at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system.

Please uninstall either AVG Anti-Virus Free or Norton Internet Security (which ever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (for Vista and Win 7 users to go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one anti-spyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Code: 
Start
CloseProcesses:
HKLM\...\Run: [gmsd_us_178] => [X]
HKLM\...\Run: [upgmsd_us_178.exe] => C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178\upgmsd_us_178.exe -runhelper
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-1226216386-1621485569-1288477537-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> DefaultScope URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> DefaultScope {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1226216386-1621485569-1288477537-1006 -> {7ad9fd96-42e6-497b-8495-a40df0cc61e2} URL = http://www.bing.com/search?pc=COSP&ptag=D020515-AC44713A88D0B45FFA7F&form=CONBDF&conlogo=CT3331981&q={searchTerms}
2015-02-04 19:42 - 2015-02-05 13:09 - 00001370 _____ () C:\WINDOWS\Tasks\PHRDQX.job
2015-02-04 19:42 - 2015-02-04 19:42 - 01513432 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
2015-02-04 19:41 - 2015-02-05 13:09 - 00001718 _____ () C:\WINDOWS\Tasks\SHGGIKJF.job
2015-02-04 19:41 - 2015-02-05 13:01 - 00000956 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-04 19:41 - 2015-02-05 07:46 - 00000960 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-02-04 19:41 - 2015-02-04 19:41 - 02002392 _____ (Cinema PlusV04.02) C:\Documents and Settings\Katy\Application Data\SHGGIKJF.exe
2015-02-04 19:41 - 2015-02-04 19:41 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\globalUpdate
2015-02-04 19:37 - 2015-02-04 20:22 - 00000000 ____D () C:\Documents and Settings\Katy\Local Settings\Application Data\gmsd_us_178
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PHRDQX.job => C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
C:\Documents and Settings\Katy\Application Data\PHRDQX.exe
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • new FRST.txt
  • Any change in performance?
 
Hi OCD, :)

- No I do not have XP installation disks.

- AVG and Norton are not in my Add/Remove files. AVG gave me a lot of problems years ago and I thought I deleted it; same with Norton. I thought Norton was supplanted by PC Tools and later Spybot (?)

- FRST Fix script. Won't let me cut/paste text the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O).

I'll stop and wait for next instruction.

Katy
 
Hi Katy1,

Below is parts of the Security Check and FRST - addition.txt logs. I have highlighted the security software that you currently have installed on your machine. Just because the program doesn't show in your Add/Remove program menu doesn't necessarily mean they still aren't present on your computer.

These show that you have Windows Firewall disabled, AVG Anti-virus disabled, Norton Anti-virus disabled and Norton Firewall disabled. And for general information SpyBot does not contain an anti-virus component unless you have the paid version.

Are these all disabled because you were running the scan or do you no longer use them?
Results of screen317's Security Check version 0.99.95
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Java 7 Update 71
Java 64-bit 8 Update 31
Adobe Flash Player 16.0.0.296
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

=========================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-01-2015 01
Ran by Katy at 2015-01-28 21:36:30
Running from C:\Documents and Settings\Katy\Desktop
Boot Mode: Normal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Anti-Virus Free (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
Click to expand...

=========================

Please re-enable the Windows Firewall now.

Enable Windows Firewall in XP

  • Click Start, click Run, type Firewall.cpl, and then click OK.
  • On the General tab, click On (recommended).
  • Click OK.
=========================

Next, install a Free Anti-Virus
=========================

FRST Fix script. Won't let me cut/paste text the code you provided for Fixlog.txt on notepad. I went down the list with my mouse, right clicked and got 'save page as, select all, view page source, page info, and inspect element (O).
Click to expand...

You have done this step before, have you changed how you do it?

Try this:
  • Open Notepad. Navigate to the FRST script I posted for you.
  • Next, in the "code box" above Left click the word "Start" and hold the mouse button down.
  • Drag the mouse down the text (within the code box) until you get to the word "End", release the mouse button.
  • All the text should now be highlighted.
  • Right click the highlighted text and choose "Copy"
  • Go to the open Notepad window, right click anywhere in the "white space" and choose "Paste"
  • Now save that Notepad file as "fixlist.txt" to your Desktop and follow the remainder of the instructions to process the FRST script fix.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • new FRST.txt
 
Hi OCD,

-I don't know why the antiviruses are on my machine. I only use Spybot paid home version with antivirus.

-Enabled windows firewall. Thank you!

- did not download a free antivirus because I use Spybots.

- (lol) I don't understand why I can't highlight the code you sent; I did it before of course, but it won't let me now. Tried repeatedly. Nada.

Next? Thank you.

Katy
 
Hi Katy1,

This has to do with some application that's having a lock over the Windows
Clipboard. David Candy's application should determine the Process that's
causing the problem.

Download GetOpenClipboardWindow.zip from here:
http://windowsxp.mvps.org/temp/GetOp...oardWindow.zip

Unzip and run the tool. Post back what it reports. For best results, run
this utility during the time you encounter the Copy<=>Paste problem.

=========================

NEW STEPS ADDED TO INITIAL POST

=========================

We are encountering a lot of issues that we shouldn't be. Let's try and repair some of those issues so we can complete our other tasks easier.

Save these instructions to wordpad/notepad or print them out, while some of the fix will have to be done in safemode this page will not be available for you to follow.

Reboot Windows XP in Safe Mode w/ Networking
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode w/ Networking using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode w/ Networking.

=========================

I previously had you download Tweaking All in One , please open the program again.

Locate the Repairs tab



Next click Open Repairs



Select only the options as outlined in the image. Others may be selected by default



=========================

Reboot into Normal Mode

=========================

Your hard drive is severly fragmented.

Run the Windows Defrag Tool now.
  • Open My Computer.
  • Right-click the local disk volume that you want to defragment, and then click Properties.
  • On the Tools tab, click Defragment Now.
  • Click Defragment.

=========================

Reboot when it has completed.

=========================

After the above steps have completed go back to post #36 http://forums.spybot.info/showthrea...ly-removed-(-)&p=461837&viewfull=1#post461837 and complete the tasks requested
 
Last edited:
Status
Not open for further replies.
Back
Top