Windows xp runs very slow on internet only.



#1
oneshot5072


Good morning, I'm trying to figure this out. This computer works great, until you get on the internet. The wife only uses this for surfing and checking her accts. I have run mbam, spybot, and comodo and can find nothing. I have noticed one thing: when I tried to go into safe mode, it would not let me. I could not move the cursor with the arrow keys. The lights on the keyboard were not lit. I am a novice at best and any help keeping this old bugger going would be greatly appreciated. This computer has Windows XP Pro SP3, uses Firefox browser, has IE8, and has all updates prior to support end. Also, spent a little time on this computer this a.m. and noticed ads coming from left side and bottom of screen when I visited my regular news sites. Thanks.

OTL logfile created on: 2/10/2015 12:29:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Lisa\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.48 Mb Total Physical Memory | 202.60 Mb Available Physical Memory | 39.61% Memory free
1.97 Gb Paging File | 1.37 Gb Available in Paging File | 69.39% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 61.44 Gb Free Space | 82.42% Space Free | Partition Type: NTFS
 
Computer Name: MOMS | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/10 00:26:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\My Documents\Downloads\OTL.exe
PRC - [2015/02/09 19:46:09 | 001,885,400 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2015/02/09 19:45:25 | 007,827,160 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
PRC - [2015/02/09 19:45:25 | 001,243,864 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
PRC - [2015/02/09 19:45:18 | 005,868,440 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2015/02/01 08:29:36 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/10/23 06:15:31 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/31 09:51:52 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/01 08:29:27 | 003,925,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005/05/03 06:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2004/06/10 18:46:34 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2015/02/09 19:45:22 | 001,664,216 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2015/02/09 19:45:18 | 005,868,440 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV - [2015/02/01 16:56:19 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/10/23 06:15:31 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/03/27 21:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2015/01/30 07:27:52 | 000,105,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2015/01/30 07:27:52 | 000,029,912 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2015/01/30 07:27:51 | 000,620,120 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2015/01/30 07:27:51 | 000,015,576 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2009/08/13 14:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/08 14:48:38 | 000,308,096 | ---- | M] (CamVendor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cam3820a.sys -- (Cam3820)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/06/10 18:57:04 | 000,746,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/10/20 22:23:00 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/10/20 22:20:56 | 000,104,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/01/29 02:29:34 | 000,008,703 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2002/04/03 18:33:18 | 000,045,568 | ---- | M] (CNet Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2001/08/17 11:50:40 | 000,041,216 | ---- | M] (S3 Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3mt3d.sys -- (S3Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/...6EQLLuTwEdG2vAI
IE - HKCU\..\SearchScopes,DefaultScope = {D014A440-4234-4CF1-BA85-86294B2CD65F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{D014A440-4234-4CF1-BA85-86294B2CD65F}: "URL" = http://www.google.co...&rlz=1I7ADSA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2015/02/01 08:28:58 | 000,000,000 | ---D | M]
 
[2012/07/05 01:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Extensions
[2015/02/01 08:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\iniqwvx4.default-1422796315265\extensions
[2012/09/20 09:31:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\vfjce5tv.default\extensions
[2013/02/18 10:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\vfjce5tv.default\extensions\[email protected]
[2015/02/01 08:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/02/01 08:29:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2012/02/06 17:31:36 | 000,441,096 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15164 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1284943085028 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect114a.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.71.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C157B7-B8D2-4319-B061-4907CC790366}: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10C157B7-B8D2-4319-B061-4907CC790366}: NameServer = 156.154.70.22,156.154.71.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Lisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/19 19:14:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/09 19:50:35 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2015/02/09 18:43:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lisa\Recent
[2015/02/01 08:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2015/01/23 13:53:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2015/01/23 13:07:31 | 226,075,376 | ---- | C] (COMODO) -- C:\Documents and Settings\Lisa\My Documents\cav_installer_3264_29
[2015/01/23 11:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2015/01/22 15:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Local Settings\Application Data\tjnet
[2015/01/21 18:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2015/01/21 18:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Local Settings\Application Data\magicJack
[2015/01/21 18:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lisa\Application Data\mjusbsp
[2015/01/16 22:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/10 00:35:10 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2015/02/10 00:34:29 | 000,671,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2015/02/10 00:15:04 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2015/02/10 00:06:03 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2015/02/10 00:06:03 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2015/02/10 00:05:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/10 00:04:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015/02/10 00:04:48 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/09 22:57:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/09 22:31:24 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2015/02/09 21:50:01 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-813497703-725345543-1004UA.job
[2015/02/09 20:31:30 | 000,000,999 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\magicJack.lnk
[2015/02/09 19:51:31 | 000,004,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2015/02/09 19:50:25 | 000,508,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2015/02/09 19:50:25 | 000,091,198 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2015/02/09 19:49:46 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2015/02/09 19:35:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2015/02/09 09:50:00 | 000,000,972 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-813497703-725345543-1004Core.job
[2015/02/08 15:00:00 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2015/02/05 02:38:23 | 000,007,486 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\cc_20150205_023812.reg
[2015/02/05 02:36:05 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2015/01/30 07:27:52 | 000,105,560 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2015/01/30 07:27:52 | 000,029,912 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2015/01/30 07:27:51 | 000,620,120 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2015/01/30 07:27:51 | 000,015,576 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2015/01/30 07:27:46 | 000,033,520 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2015/01/30 07:27:45 | 000,386,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2015/01/30 07:27:35 | 000,286,424 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdvrt32.dll
[2015/01/30 07:27:34 | 000,040,664 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdkbd32.dll
[2015/01/23 13:46:44 | 000,000,780 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2015/01/23 13:36:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2015/01/23 13:08:23 | 226,075,376 | ---- | M] (COMODO) -- C:\Documents and Settings\Lisa\My Documents\cav_installer_3264_29
[2015/01/23 12:06:03 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2015/01/23 11:02:25 | 000,480,580 | ---- | M] () -- C:\Documents and Settings\Lisa\My Documents\cc_20150123_110205.reg
[2015/01/23 00:23:09 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Shortcut to Internet.lnk
[2015/01/22 23:56:08 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/22 23:55:34 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Spybot - Search & Destroy.lnk
[2015/01/22 23:54:49 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Defraggler.lnk
[2015/01/22 23:42:58 | 000,001,532 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\Disk Cleanup.lnk
[2015/01/22 23:42:29 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\CCleaner.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/09 19:50:27 | 000,004,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\fvstore.dat
[2015/02/05 02:38:21 | 000,007,486 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\cc_20150205_023812.reg
[2015/01/23 23:18:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Internet Explorer.lnk
[2015/01/23 13:57:05 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
[2015/01/23 13:57:05 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
[2015/01/23 13:57:05 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
[2015/01/23 13:57:04 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
[2015/01/23 13:55:33 | 000,671,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2015/01/23 13:53:43 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2015/01/23 13:46:44 | 000,000,780 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2015/01/23 11:02:11 | 000,480,580 | ---- | C] () -- C:\Documents and Settings\Lisa\My Documents\cc_20150123_110205.reg
[2015/01/23 00:23:09 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Shortcut to Internet.lnk
[2015/01/22 23:56:08 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Malwarebytes Anti-Malware.lnk
[2015/01/22 23:55:34 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Spybot - Search & Destroy.lnk
[2015/01/22 23:54:49 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Defraggler.lnk
[2015/01/22 23:42:58 | 000,001,532 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\Disk Cleanup.lnk
[2015/01/22 23:42:29 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\CCleaner.lnk
[2015/01/22 18:35:02 | 000,000,999 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\magicJack.lnk
[2015/01/21 18:42:49 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\Lisa\Start Menu\Programs\magicJack.lnk
[2013/10/31 16:40:03 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2013/10/14 23:06:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/10/14 18:40:41 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
 
========== ZeroAccess Check ==========
 
[2010/09/19 23:25:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/09/28 16:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2012/09/20 09:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GFI Software
[2015/01/21 18:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2015/01/23 13:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2011/04/01 23:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2014/07/07 02:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C585085B-79A8-423C-B04B-77DD30E9C195}
[2012/08/31 06:40:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Ad-Aware Antivirus
[2013/10/14 18:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ElevatedDiagnostics
[2010/09/21 15:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\InterTrust
[2015/02/09 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\mjusbsp
[2011/09/28 16:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\ooVoo Details
[2014/07/07 12:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\Oracle
[2015/01/22 15:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\SoftGrid Client
[2011/01/16 22:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\TP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\System32\MRT.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\System32\MpSigStub.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\System32\FlashPlayerApp.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\System32\drivers\USBAUDIO.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\WINDOWS\System32\dllcache\usbaudio.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Lisa\My Documents\cav_installer_3264_29:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Documents and Settings\Lisa\Application Data\mjusbsp\cdloader2.exe:$CmdTcID
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Lisa\My Documents\cav_installer_3264_29:$CmdZnID
 
< End of report >


Edited by RKinner, 14 February 2015 - 12:58 PM.



#2
oneshot5072


.


Edited by oneshot5072, 10 February 2015 - 02:21 PM.


#3
RKinner

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #4
    oneshot5072


    Thanks RKinner....I ran the programs like you requested. But I can't find the FRST logs. Looked everywhere. But like I said, I'm a novice at best. Anyways, here's the logs I can find....

    # AdwCleaner v4.110 - Logfile created 16/02/2015 at 13:58:55
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Lisa - MOMS
    # Running from : C:\Documents and Settings\Lisa\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****

    Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Mozilla Firefox v35.0.1 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [1243 bytes] - [16/02/2015 13:49:06]
    AdwCleaner[S0].txt - [1303 bytes] - [16/02/2015 13:58:55]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1362  bytes] ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Microsoft Windows XP x86
    Ran by Lisa on Mon 02/16/2015 at 14:29:03.71
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Lisa\Local Settings\Application Data\adawarebp"





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 02/16/2015 at 14:45:43.70
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     



    #5
    oneshot5072


    O.K. I ran FRST again and this is what was produced.....

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
    Ran by Lisa (administrator) on MOMS on 16-02-2015 21:40:42
    Running from C:\Documents and Settings\Lisa\Desktop
    Loaded Profiles: Lisa (Available profiles: Lisa)
    Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\WINDOWS\system32\ati2evxx.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    () C:\WINDOWS\system32\ati2evxx.exe
    (Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    (ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    (LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
    (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (magicJack L.P.) C:\Documents and Settings\Lisa\Application Data\mjusbsp\magicJack.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [CTSysVol] => C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [57344 2005-10-31] (Creative Technology Ltd)
    HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
    HKLM\...\Run: [P17Helper] => Rundll32 P17.dll,P17Helper
    HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872 2003-11-25] (ATI Technologies, Inc.)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-02-09] (COMODO)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll ()
    HKU\S-1-5-21-1085031214-813497703-725345543-1004\...\Run: [cdloader] => C:\Documents and Settings\Lisa\Application Data\mjusbsp\cdloader2.exe [51592 2015-02-16] (magicJack L.P.)
    HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [519584 2010-02-28] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1085031214-813497703-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/...6EQLLuTwEdG2vAI
    HKU\S-1-5-21-1085031214-813497703-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.n...le/index.php?q=
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...ols/pcmatic.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1284943085028
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect114a.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
    Tcpip\..\Interfaces\{10C157B7-B8D2-4319-B061-4907CC790366}: [NameServer] 156.154.70.22,156.154.71.22

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Lisa\Application Data\Mozilla\Firefox\Profiles\iniqwvx4.default-1422796315265
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-09-19]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    U2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [376832 2004-06-10] ()
    U2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2003-12-02] () [File not signed]
    U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-09] (COMODO)
    U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-09] (COMODO)
    U2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-23] (Oracle Corporation)
    U3 LPDSVC; C:\WINDOWS\System32\tcpsvcs.exe [19456 2002-08-29] (Microsoft Corporation)
    U2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
    U2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
    U3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U3 atinrvxx; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [104960 2003-10-20] (ATI Technologies Inc.)
    U3 Cam3820; C:\WINDOWS\System32\Drivers\cam3820a.sys [308096 2009-07-08] (CamVendor) [File not signed]
    U3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    U1 cmderd; C:\WINDOWS\System32\DRIVERS\cmderd.sys [15576 2015-01-30] (COMODO)
    U1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [620120 2015-01-30] (COMODO)
    U1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2015-01-30] (COMODO)
    U2 EIO; C:\WINDOWS\system32\drivers\EIO.sys [8703 2003-01-29] (ASUSTeK Computer Inc.) [File not signed]
    U3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
    U3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-10-30] (HP)
    U3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-10-30] (HP)
    U3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-10-30] (HP)
    U0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [105560 2015-01-30] (COMODO)
    U2 MVDCODEC; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [13824 2003-10-20] (ATI Technologies Inc.)
    U3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    U3 P17; C:\WINDOWS\System32\drivers\P17.sys [1127936 2007-06-15] (Creative Technology Ltd.)
    U3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [45568 2002-04-03] (CNet Technology Inc.)
    U3 S3Inc; C:\WINDOWS\System32\DRIVERS\s3mt3d.sys [41216 2001-08-17] (S3 Incorporated)
    U4 IntelIde; No ImagePath
    U1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
    U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-16 15:02 - 2015-02-16 15:05 - 00014363 _____ () C:\Documents and Settings\Lisa\Desktop\Addition.txt
    2015-02-16 15:00 - 2015-02-16 21:41 - 00010202 _____ () C:\Documents and Settings\Lisa\Desktop\FRST.txt
    2015-02-16 14:59 - 2015-02-16 21:40 - 00000000 ____D () C:\FRST
    2015-02-16 14:57 - 2015-02-16 14:57 - 01125888 _____ (Farbar) C:\Documents and Settings\Lisa\Desktop\FRST.exe
    2015-02-16 14:45 - 2015-02-16 14:49 - 00000697 _____ () C:\Documents and Settings\Lisa\Desktop\JRT.txt
    2015-02-16 14:27 - 2015-02-16 14:27 - 01388274 _____ (Thisisu) C:\Documents and Settings\Lisa\Desktop\JRT.exe
    2015-02-16 14:17 - 2015-02-16 14:17 - 00001442 _____ () C:\Documents and Settings\Lisa\Desktop\AdwCleaner[S0].txt
    2015-02-16 13:48 - 2015-02-16 13:59 - 00000000 ____D () C:\AdwCleaner
    2015-02-16 13:47 - 2015-02-16 13:47 - 02112512 _____ () C:\Documents and Settings\Lisa\Desktop\AdwCleaner.exe
    2015-02-10 01:06 - 2012-02-06 17:31 - 00441096 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150210-010638.backup
    2015-02-10 00:46 - 2015-02-10 00:46 - 00058278 _____ () C:\Documents and Settings\Lisa\Desktop\OTL.Txt
    2015-02-09 19:50 - 2015-02-16 21:32 - 00051562 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
    2015-02-09 19:50 - 2015-02-09 19:50 - 00000000 ___HD () C:\VTRoot
    2015-02-01 08:28 - 2015-02-01 08:29 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-01-23 23:18 - 2012-02-20 10:55 - 00000803 _____ () C:\Documents and Settings\Lisa\Desktop\Internet Explorer.lnk
    2015-01-23 13:57 - 2015-02-16 21:10 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9}.job
    2015-01-23 13:57 - 2015-02-16 19:57 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
    2015-01-23 13:57 - 2015-02-16 14:42 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
    2015-01-23 13:57 - 2015-02-16 14:01 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22}.job
    2015-01-23 13:55 - 2015-02-16 21:31 - 00671456 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
    2015-01-23 13:53 - 2015-02-09 19:49 - 00001878 _____ () C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    2015-01-23 13:53 - 2015-01-23 13:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Shared Space
    2015-01-23 13:46 - 2015-01-23 13:46 - 00000780 _____ () C:\WINDOWS\system32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
    2015-01-23 13:07 - 2015-01-23 13:08 - 226075376 _____ (COMODO) C:\Documents and Settings\Lisa\My Documents\cav_installer_3264_29
    2015-01-23 11:37 - 2015-02-11 14:15 - 00000000 ____D () C:\WINDOWS\pss
    2015-01-23 00:23 - 2015-01-23 00:23 - 00000104 _____ () C:\Documents and Settings\Lisa\Desktop\Shortcut to Internet.lnk
    2015-01-22 23:56 - 2015-01-22 23:56 - 00000789 _____ () C:\Documents and Settings\Lisa\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-22 23:55 - 2015-01-22 23:55 - 00000945 _____ () C:\Documents and Settings\Lisa\Desktop\Spybot - Search & Destroy.lnk
    2015-01-22 23:54 - 2015-01-22 23:54 - 00001592 _____ () C:\Documents and Settings\Lisa\Desktop\Defraggler.lnk
    2015-01-22 23:42 - 2015-01-22 23:42 - 00001532 _____ () C:\Documents and Settings\Lisa\Desktop\Disk Cleanup.lnk
    2015-01-22 23:42 - 2015-01-22 23:42 - 00000694 _____ () C:\Documents and Settings\Lisa\Desktop\CCleaner.lnk
    2015-01-22 18:35 - 2015-02-16 14:19 - 00000999 _____ () C:\Documents and Settings\Lisa\Desktop\magicJack.lnk
    2015-01-22 15:13 - 2015-01-22 15:13 - 00000000 ____D () C:\Documents and Settings\Lisa\Local Settings\Application Data\tjnet
    2015-01-21 18:43 - 2015-01-21 18:43 - 00000000 ____D () C:\Documents and Settings\Lisa\Local Settings\Application Data\magicJack
    2015-01-21 18:43 - 2015-01-21 18:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\magicJack
    2015-01-21 18:42 - 2015-02-16 14:19 - 00001005 _____ () C:\Documents and Settings\Lisa\Start Menu\Programs\magicJack.lnk
    2015-01-21 18:39 - 2015-02-16 14:19 - 00000000 ____D () C:\Documents and Settings\Lisa\Application Data\mjusbsp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-16 21:32 - 2012-01-21 19:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2015-02-16 21:31 - 2010-09-19 19:22 - 00000000 ____D () C:\Documents and Settings\Lisa\Local Settings\Temp
    2015-02-16 21:31 - 2010-09-19 19:22 - 00000000 ____D () C:\Documents and Settings\Lisa
    2015-02-16 20:57 - 2011-12-14 18:53 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-16 18:50 - 2011-09-28 17:39 - 00000994 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-813497703-725345543-1004UA.job
    2015-02-16 14:02 - 2010-09-19 19:38 - 01773679 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-02-16 14:01 - 2011-12-14 18:53 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-16 14:01 - 2010-09-19 19:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-02-16 14:01 - 2010-09-19 14:28 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-02-16 14:01 - 2010-09-19 14:28 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-02-16 14:01 - 2002-08-29 07:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
    2015-02-16 14:00 - 2010-09-19 19:22 - 00000178 ___SH () C:\Documents and Settings\Lisa\ntuser.ini
    2015-02-16 14:00 - 2010-09-19 19:17 - 00032574 _____ () C:\WINDOWS\SchedLgU.Txt
    2015-02-16 09:50 - 2011-09-28 17:38 - 00000972 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-813497703-725345543-1004Core.job
    2015-02-11 08:53 - 2013-08-17 17:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2015-02-11 08:45 - 2010-09-19 20:52 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-02-09 22:31 - 2014-06-27 12:03 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-02-09 21:17 - 2014-12-17 21:51 - 00000000 ____D () C:\Documents and Settings\Lisa\Local Settings\Application Data\Adobe
    2015-02-09 21:17 - 2012-06-08 20:08 - 00701616 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2015-02-09 21:17 - 2011-05-15 22:00 - 00071344 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2015-02-09 19:31 - 2010-09-21 14:54 - 00000000 ____D () C:\Program Files\COMODO
    2015-02-09 18:55 - 2012-12-31 12:19 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HP
    2015-02-09 18:52 - 2010-09-21 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
    2015-02-08 15:00 - 2014-06-27 11:44 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
    2015-02-06 08:43 - 2011-10-09 17:32 - 00000000 ____D () C:\Documents and Settings\Lisa\Desktop\Unused Desktop Shortcuts
    2015-02-06 08:39 - 2012-07-05 01:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-02-01 16:56 - 2015-01-16 22:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
    2015-01-30 07:27 - 2014-12-09 00:20 - 00620120 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdGuard.sys
    2015-01-30 07:27 - 2014-12-09 00:20 - 00386768 _____ (COMODO) C:\WINDOWS\system32\guard32.dll
    2015-01-30 07:27 - 2014-12-09 00:20 - 00105560 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
    2015-01-30 07:27 - 2014-12-09 00:20 - 00029912 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
    2015-01-30 07:27 - 2014-12-09 00:20 - 00015576 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
    2015-01-30 07:27 - 2014-06-27 10:51 - 00286424 _____ (COMODO) C:\WINDOWS\system32\cmdvrt32.dll
    2015-01-30 07:27 - 2014-06-27 10:51 - 00040664 _____ (COMODO) C:\WINDOWS\system32\cmdkbd32.dll
    2015-01-30 07:27 - 2011-10-22 16:17 - 00033520 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
    2015-01-23 13:56 - 2010-09-21 14:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Comodo
    2015-01-23 13:36 - 2011-01-26 15:18 - 00001945 ____C () C:\WINDOWS\epplauncher.mif
    2015-01-23 12:06 - 2010-09-19 14:23 - 00000211 __RSH () C:\boot.ini
    2015-01-23 12:06 - 2002-08-29 07:00 - 00000801 _____ () C:\WINDOWS\win.ini
    2015-01-23 12:06 - 2002-08-29 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
    2015-01-23 06:28 - 2010-09-19 19:17 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
    2015-01-22 15:09 - 2010-09-19 14:25 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
    2015-01-22 15:08 - 2011-01-16 22:04 - 00000000 ____D () C:\Documents and Settings\Lisa\Application Data\SoftGrid Client
    2015-01-22 09:33 - 2010-12-10 09:27 - 00000000 ____D () C:\WINDOWS\Minidump
    2015-01-21 17:58 - 2013-10-09 09:23 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
    2015-01-21 17:58 - 2013-10-09 09:23 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Lisa\Local Settings\Temp\Quarantine.exe
    C:\Documents and Settings\Lisa\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================ 

