Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I think my computer is infected

Started by gibbyjones , Jun 19 2015 11:43 AM

  • Please log in to reply

#1
gibbyjones
Posted 19 June 2015 - 11:43 AM

gibbyjones

    New Member

  • Member
  • Pip
  • 1 posts

I go to project free tv and watch shows but lately my computer has been running really slow. the shows are playing but they are choppy and the video is behind the voices. I've used ccleaner to try and fix the problem but it's not working.

There seems to be something running on my computer that I haven't opened and I can't see.

I need help in fixing this problem can someone tell me what the problem could be and how to fix it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by Robin (administrator) on MINE on 19-06-2015 13:19:10
Running from C:\Documents and Settings\Robin\My Documents\Downloads
Loaded Profiles: Robin (Available Profiles: Robin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(AdFender, Inc.) C:\Program Files\AdFender\AdFender.exe
(Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [2498560 2009-10-07] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1982312 2013-01-31] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-117609710-179605362-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Del2490718] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del2914265] => cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" <===== ATTENTION
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AdFender.lnk [2014-05-06]
ShortcutTarget: AdFender.lnk -> C:\Program Files\AdFender\AdFender.exe (AdFender, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk [2014-05-06]
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk [2014-05-06]
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\WINDOWS\$NTSER~1\upnpui.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-117609710-179605362-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-117609710-179605362-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll [2012-09-20] (Simple Adblock)
Toolbar: HKU\S-1-5-21-117609710-179605362-839522115-1003 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-117609710-179605362-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - c:\WINDOWS\$NtServicePackUninstall$\msvidctl.dll [2004-08-04] (Microsoft Corporation)
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\$NtServicePackUninstall$\itss.dll [2004-08-04] (Microsoft Corporation)
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\$NtServicePackUninstall$\itss.dll [2004-08-04] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\ie8\mshtml.dll [2014-02-04] (Microsoft Corporation)
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\WINDOWS\$NtServicePackUninstall$\msvidctl.dll [2004-08-04] (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - c:\WINDOWS\$NTSER~1\wiascr.dll [2004-08-04] (Microsoft Corporation)
ShellExecuteHooks: MSN DS Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\WINDOWS\$NtUninstallKB963093$\msnlnamespacemgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\Profiles\cryeubvs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll No File
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011-11-03] (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Extension: Pirrit Suggestor - C:\Documents and Settings\Robin\Application Data\Mozilla\Firefox\profiles\extensions\[email protected] [2014-04-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-05]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Robin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-17]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [94208 2007-05-10] (SigmaTel, Inc.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [2232320 2009-10-07] (Dell Inc.) [File not signed]
S3 WmdmPmSN; c:\WINDOWS\erdnt\cache\mspmsnsv.dll [27136 2006-10-18] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-21] (AVG Technologies)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2649216 2009-10-07] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [68696 2007-12-23] (O2Micro)
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [211200 2007-08-02] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [989952 2007-08-02] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-06-19] (Malwarebytes Corporation)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project) [File not signed]
S3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2012-11-01] (AnchorFree Inc)
R3 ubohci; C:\WINDOWS\System32\DRIVERS\ubohci.sys [116736 2012-10-05] (Unibrain)
R2 ubsbm; C:\WINDOWS\System32\DRIVERS\ubsbm.sys [17408 2012-10-05] (Unibrain)
R2 ubumapi; C:\WINDOWS\System32\DRIVERS\ubumapi.sys [46592 2012-10-05] (Unibrain)
S3 catchme; \??\C:\DOCUME~1\Robin\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 13:17 - 2015-06-19 13:19 - 00000000 ____D C:\FRST
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-19 13:21 - 2014-03-30 13:13 - 00000000 ____D C:\Documents and Settings\Robin\Local Settings\temp
2015-06-19 12:51 - 2013-10-17 13:42 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 12:48 - 2012-08-14 15:31 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-06-19 12:46 - 2011-08-05 19:20 - 00602576 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-19 12:42 - 2014-06-21 01:03 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-19 12:42 - 2014-05-12 19:06 - 01906378 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-19 12:42 - 2011-10-03 17:10 - 00207801 ____C C:\WINDOWS\system32\nvModes.001
2015-06-19 12:42 - 2004-08-04 07:00 - 00002206 ____C C:\WINDOWS\system32\wpa.dbl
2015-06-19 12:41 - 2014-03-18 19:10 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-19 12:41 - 2013-10-17 13:42 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-19 12:41 - 2013-06-26 18:38 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-19 12:41 - 2013-06-26 18:38 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-19 12:41 - 2011-08-06 06:11 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-06-19 12:40 - 2011-08-06 06:12 - 00000178 __SHC C:\Documents and Settings\Robin\ntuser.ini
2015-06-19 12:40 - 2011-08-06 06:11 - 00032400 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-19 12:24 - 2011-08-06 06:12 - 00000000 ____D C:\Documents and Settings\Robin
2015-06-16 00:11 - 2012-03-06 22:22 - 00041530 ____C C:\Documents and Settings\Robin\Desktop\My Bills.wks
2015-06-11 00:12 - 2013-07-15 23:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 00:08 - 2011-10-03 13:46 - 136900096 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-10 18:48 - 2012-04-12 15:16 - 00778416 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-10 18:48 - 2011-12-09 00:02 - 00142512 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-10 17:57 - 2012-10-10 14:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB929399$
2015-06-10 17:54 - 2014-05-12 20:28 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-10 17:26 - 2014-06-21 01:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-10 17:26 - 2014-06-21 01:02 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-10 17:26 - 2014-05-12 18:46 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-08 23:17 - 2014-03-18 19:10 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
==================== Files in the root of some directories =======
 
2014-03-31 19:28 - 2014-03-31 19:28 - 0005265 _____ () C:\Documents and Settings\Robin\Application Data\callbanner.png
2012-12-11 19:13 - 2012-12-11 19:13 - 0000664 ____C () C:\Documents and Settings\Robin\Local Settings\Application Data\d3d9caps.tmp
2011-12-09 17:00 - 2014-04-21 22:15 - 0196608 ____C () C:\Documents and Settings\Robin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 11:18 - 2014-03-14 11:18 - 0004178 _____ () C:\Documents and Settings\Robin\Local Settings\Application Data\recently-used.xbel
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of log ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by Robin at 2015-06-19 13:21:54
Running from C:\Documents and Settings\Robin\My Documents\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-117609710-179605362-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-117609710-179605362-839522115-1004 - Limited - Enabled)
Guest (S-1-5-21-117609710-179605362-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-117609710-179605362-839522115-1000 - Limited - Disabled)
Robin (S-1-5-21-117609710-179605362-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Robin
SUPPORT_388945a0 (S-1-5-21-117609710-179605362-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Dell System Detect (HKU\S-1-5-21-117609710-179605362-839522115-1003\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{0718A90E-93AA-49AF-A4FE-0165ACD91DF0}) (Version: 11.2.2.3 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA nView 136.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.53 - NVIDIA Corporation)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.6 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-117609710-179605362-839522115-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
25-03-2015 12:25:39 Software Distribution Service 3.0
30-03-2015 16:00:55 Software Distribution Service 3.0
14-04-2015 14:44:03 System Checkpoint
21-05-2015 20:45:03 Software Distribution Service 3.0
21-05-2015 21:59:28 Software Distribution Service 3.0
08-06-2015 23:18:55 Software Distribution Service 3.0
10-06-2015 20:30:16 System Checkpoint
11-06-2015 00:08:35 Software Distribution Service 3.0
12-06-2015 00:41:36 Software Distribution Service 3.0
12-06-2015 09:06:18 Software Distribution Service 3.0
14-06-2015 21:43:27 System Checkpoint
14-06-2015 23:15:26 Software Distribution Service 3.0
15-06-2015 23:29:06 System Checkpoint
16-06-2015 03:00:19 Software Distribution Service 3.0
16-06-2015 03:16:34 Software Distribution Service 3.0
16-06-2015 23:43:47 Software Distribution Service 3.0
18-06-2015 02:07:39 Software Distribution Service 3.0
19-06-2015 00:45:10 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 07:00 - 2014-09-22 14:52 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-10-03 17:15 - 2009-10-07 16:01 - 00025088 _____ () C:\WINDOWS\System32\WLTRYSVC.EXE
2011-10-03 17:15 - 2009-10-07 16:01 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll
2013-01-23 20:57 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2014-01-24 19:03 - 2013-01-31 08:22 - 01564008 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-03 17:15 - 2009-10-07 16:01 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll
2011-10-03 17:09 - 2008-11-22 02:07 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-117609710-179605362-839522115-1003\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-117609710-179605362-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1 - 142.166.166.166
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Disabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe] => Enabled:Adobe Download Assistant
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Mozilla Firefox
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [7668:TCP] => Disabled:BitComet 7668 TCP
StandardProfile\GloballyOpenPorts: [7668:UDP] => Disabled:BitComet 7668 UDP
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management 
StandardProfile\GloballyOpenPorts: [1245:TCP] => Enabled:Akamai NetSession Interface
StandardProfile\GloballyOpenPorts: [5000:UDP] => Enabled:Akamai NetSession Interface
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Broadcom
Service: b57w2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TAP-Win32 Adapter V9
Description: TAP-Win32 Adapter V9
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: TAP-Win32 Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/11/2015 04:30:33 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 12674356.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (06/11/2015 04:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 43.0.2357.124, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00012333.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (03/04/2015 11:11:24 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 873376521.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (03/04/2015 11:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 40.0.2214.115, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00012333.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (10/20/2014 01:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application chrome.exe, version 37.0.2062.120, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00012333.
Processing media-specific event for [chrome.exe!ws!]
 
Error: (09/22/2014 10:39:39 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.
 
Error: (09/22/2014 02:54:10 PM) (Source: VSS) (EventID: 4099) (User: )
Description: Volume Shadow Copy Service error: Cannot install the component C:\Documents and Settings\Robin\Desktop\SWPRV.DLL into the COM+ application 'MS Software Shadow Copy Provider' [0x80110401].
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Failed to load MOF C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000921.MOF while recovering repository file.
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Failed to load MOF C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000920.MOF while recovering repository file.
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Failed to load MOF C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000919.MOF while recovering repository file.
 
 
System errors:
=============
Error: (06/19/2015 00:42:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
 
Error: (06/19/2015 00:41:16 PM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/19/2015 00:34:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/19/2015 00:33:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/19/2015 11:51:02 AM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/19/2015 00:45:21 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
 
Error: (06/18/2015 08:25:16 AM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/18/2015 02:07:47 AM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
 
Error: (06/17/2015 11:42:38 AM) (Source: 0) (EventID: 4311) (User: )
Description: 
 
Error: (06/16/2015 11:43:55 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Silverlight (KB2977218).
 
 
Microsoft Office:
=========================
Error: (06/11/2015 04:30:33 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 12674356
 
Error: (06/11/2015 04:30:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe43.0.2357.124ntdll.dll5.1.2600.605500012333
 
Error: (03/04/2015 11:11:24 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 873376521
 
Error: (03/04/2015 11:11:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe40.0.2214.115ntdll.dll5.1.2600.605500012333
 
Error: (10/20/2014 01:31:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.120ntdll.dll5.1.2600.605500012333
 
Error: (09/22/2014 10:39:39 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download....rootseq.txtThisoperation returned because the timeout period expired.
 
Error: (09/22/2014 02:54:10 PM) (Source: VSS) (EventID: 4099) (User: )
Description: C:\Documents and Settings\Robin\Desktop\SWPRV.DLLMS Software Shadow Copy Provider0x80110401
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000921.MOF
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000920.MOF
 
Error: (09/22/2014 02:42:57 PM) (Source: WinMgmt) (EventID: 4) (User: )
Description: C:\SYSTEM VOLUME INFORMATION\_RESTORE{2C512F55-DB56-4492-8BAB-6ABFB4FC5170}\RP4\A0000919.MOF
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz
Percentage of memory in use: 31%
Total physical RAM: 3070.04 MB
Available physical RAM: 2102.59 MB
Total Pagefile: 7514.92 MB
Available Pagefile: 6680.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:62.19 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 29B429B3)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 


  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP