
Antivirus Keeps Reporting an Infection but Can't Delete It! [S


  • This topic is locked

#1
4leafclover

  • Member
  • 20 posts

Hi

 

I tried downloading a song but then I got bombarded by pop-up messages and my computer became very slow. My antivirus was reporting some viruses but when I hit delete or clean nothing happens. I ran Malwarebytes and found over 1000 issues. I clicked on remove but the pop-ups are still there when I restarted the computer. NOD32 still reports on a virus once in a while but is not removing it.

 

Thank you for reading this and please help if you can!




#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts

I will need to look at the system first.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
4leafclover

  • Topic Starter
  • Member
  • 20 posts

Thank you so much for your response! Here is the log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
Ran by XP POWER (administrator) on XP-FC210920B0A5 (10-10-2015 08:29:50)
Running from C:\Documents and Settings\XP POWER\My Documents\Downloads
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [122880 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
S2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26488 2007-07-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 DigiFilter; C:\WINDOWS\System32\drivers\DigiFilt.sys [16384 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 DigiNet; C:\WINDOWS\System32\DRIVERS\diginet.sys [11776 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 08:29 - 2015-10-10 08:29 - 00000000 ____D C:\FRST
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 03:06 - 2015-10-10 03:06 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-10 00:01 - 2015-10-10 00:01 - 00021712 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.log
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-09 23:51 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 17:39 - 2015-10-09 17:39 - 00013663 _____ C:\ComboFix.txt
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-09 17:34 - 2015-10-09 17:34 - 00000000 _RSHD C:\cmdcons
2015-10-09 16:52 - 2015-10-05 14:23 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\XP POWER\Desktop\JRT.exe
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-09 15:08 - 00013100 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00012367 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00007160 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00005642 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003990 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003686 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002424 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002166 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-09 15:08 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000622 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 03:09 - 00013578 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-10 03:09 - 00007488 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:40 - 2006-11-13 21:38 - 00016384 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\DigiFilt.sys
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2006-11-14 00:05 - 00126976 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Digi32.dll
2015-09-19 17:38 - 2015-10-09 16:47 - 00001656 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-10-09 16:47 - 00001650 _____ C:\Documents and Settings\All Users\Desktop\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-09-19 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Digidesign
2015-09-19 17:38 - 2006-11-13 21:38 - 00017408 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\dgfwboot.sys
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Digidesign
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 17:37 - 2006-11-14 05:12 - 03638655 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DirectIO.dll
2015-09-19 17:37 - 2006-11-13 22:07 - 00090112 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\WinMMFix.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00015872 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\digicoin.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00011776 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\diginet.sys
2015-09-19 17:37 - 2006-11-13 21:37 - 00483328 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DSI.dll
2015-09-19 17:37 - 2006-11-13 21:37 - 00118784 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Diomidi.DLL
2015-09-19 17:37 - 2006-11-13 21:35 - 01900132 _____ C:\WINDOWS\system32\ExpansionHD_Firmware.bin
2015-09-19 17:37 - 2006-11-13 21:35 - 00192512 _____ C:\WINDOWS\system32\DigiPlatformSupport.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-09 17:46 - 00053503 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-05 14:51 - 00001367 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-10 05:55 - 00694283 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-09 20:21 - 00032572 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-10-09 18:09 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-09 18:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-09-11 15:02 - 2015-09-11 15:02 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\windows key words
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 08:30 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-10 08:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 08:18 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-10 03:14 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-10 03:11 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-09 18:09 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 18:09 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-09 18:09 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:39 - 2015-04-01 19:15 - 00000000 ____D C:\Qoobox
2015-10-09 17:38 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-09 17:34 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-09 17:32 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 17:00 - 2015-04-01 14:13 - 00000000 ____D C:\AdwCleaner
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:37 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 16:09 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 13:25 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-19 17:38 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-11 11:02 - 2015-02-19 20:54 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google
 
==================== Files in the root of some directories =======
 
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see you have run ComboFix; could you post the log, please?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - No File
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#5
4leafclover

    Member

  • Topic Starter
  • 20 posts

Ah, yes... I googled a message that the antivirus gives and that's how I got to this forum. I found the post from somebody that had a similar program and that's how I got ComboFix and Malwarebytes. Then some download links didn't work and I realized it was a really old post (from 2009). Sorry I forgot to mention that.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-10-2015
Ran by XP POWER (administrator) on XP-FC210920B0A5 (10-10-2015 10:24:31)
Running from C:\Documents and Settings\XP POWER\My Documents\Downloads
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [122880 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
S2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26488 2007-07-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 DigiFilter; C:\WINDOWS\System32\drivers\DigiFilt.sys [16384 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 DigiNet; C:\WINDOWS\System32\DRIVERS\diginet.sys [11776 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 10:24 - 2015-04-01 14:13 - 02208768 _____ C:\Documents and Settings\XP POWER\Desktop\adwcleaner_4.200.exe
2015-10-10 08:29 - 2015-10-10 10:24 - 00000000 ____D C:\FRST
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 03:06 - 2015-10-10 03:06 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-09 23:51 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 17:39 - 2015-10-09 17:39 - 00013663 _____ C:\ComboFix.txt
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-09 17:34 - 2015-10-09 17:34 - 00000000 _RSHD C:\cmdcons
2015-10-09 16:52 - 2015-10-05 14:23 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\XP POWER\Desktop\JRT.exe
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-09 15:08 - 00013100 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00012367 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00007160 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00005642 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003990 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003686 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002424 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002166 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-09 15:08 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000622 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 03:09 - 00013578 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-10 03:09 - 00007488 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:40 - 2006-11-13 21:38 - 00016384 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\DigiFilt.sys
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2006-11-14 00:05 - 00126976 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Digi32.dll
2015-09-19 17:38 - 2015-10-09 16:47 - 00001656 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-10-09 16:47 - 00001650 _____ C:\Documents and Settings\All Users\Desktop\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-09-19 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Digidesign
2015-09-19 17:38 - 2006-11-13 21:38 - 00017408 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\dgfwboot.sys
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Digidesign
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 17:37 - 2006-11-14 05:12 - 03638655 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DirectIO.dll
2015-09-19 17:37 - 2006-11-13 22:07 - 00090112 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\WinMMFix.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00015872 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\digicoin.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00011776 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\diginet.sys
2015-09-19 17:37 - 2006-11-13 21:37 - 00483328 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DSI.dll
2015-09-19 17:37 - 2006-11-13 21:37 - 00118784 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Diomidi.DLL
2015-09-19 17:37 - 2006-11-13 21:35 - 01900132 _____ C:\WINDOWS\system32\ExpansionHD_Firmware.bin
2015-09-19 17:37 - 2006-11-13 21:35 - 00192512 _____ C:\WINDOWS\system32\DigiPlatformSupport.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-09 17:46 - 00053503 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-05 14:51 - 00001367 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-10 05:55 - 00694283 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-09 20:21 - 00032572 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-10-09 18:09 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-09 18:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-09-11 15:02 - 2015-09-11 15:02 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\windows key words
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 10:24 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-10 10:24 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-10 10:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 10:21 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 03:14 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-10 03:11 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-09 18:09 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-09 18:09 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:39 - 2015-04-01 19:15 - 00000000 ____D C:\Qoobox
2015-10-09 17:38 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-09 17:34 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-09 17:32 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 17:00 - 2015-04-01 14:13 - 00000000 ____D C:\AdwCleaner
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:37 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 16:09 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 13:25 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-19 17:38 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-11 11:02 - 2015-02-19 20:54 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google
 
==================== Files in the root of some directories =======
 
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Edited by 4leafclover, 10 October 2015 - 11:27 AM.

#6
4leafclover

    Member

  • Topic Starter
  • 20 posts
# AdwCleaner v4.200 - Logfile created 10/10/2015 at 10:31:13
# Updated 29/03/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : XP POWER - XP-FC210920B0A5
# Running from : C:\Documents and Settings\XP POWER\Desktop\adwcleaner_4.200.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_kaspersky-security-scan.en.softonic.com_0.localstorage
File Deleted : C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_kaspersky-security-scan.en.softonic.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.tradeadexchange.com_0.localstorage
File Deleted : C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.tradeadexchange.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CRSBRWSHTML
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v41.0.1 (x86 en-US)
 
 
-\\ Google Chrome v45.0.2454.101
 
 
*************************
 
AdwCleaner[R4].txt - [1443 bytes] - [13/09/2015 08:15:14]
AdwCleaner[R5].txt - [4508 bytes] - [09/10/2015 16:58:10]
AdwCleaner[R6].txt - [1841 bytes] - [10/10/2015 10:29:52]
AdwCleaner[S3].txt - [1517 bytes] - [13/09/2015 08:20:24]
AdwCleaner[S4].txt - [4646 bytes] - [09/10/2015 17:00:45]
AdwCleaner[S5].txt - [1776 bytes] - [10/10/2015 10:31:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1835  bytes] ##########

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the FRST fixlog please, and let me know how the computer is now?
#8
4leafclover

    Member

  • Topic Starter
  • 20 posts

The computer is doing better, no more random pop-ups, but that message from NOD32 still pops up once in a while. I have to click on clean or delete a few times and then it goes away.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-10-2015
Ran by XP POWER (administrator) on XP-FC210920B0A5 (10-10-2015 10:24:31)
Running from C:\Documents and Settings\XP POWER\My Documents\Downloads
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2006-11-14] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe [122880 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
S2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 spupdsvc; C:\WINDOWS\system32\spupdsvc.exe [26488 2007-07-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R0 DigiFilter; C:\WINDOWS\System32\drivers\DigiFilt.sys [16384 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 DigiNet; C:\WINDOWS\System32\DRIVERS\diginet.sys [11776 2006-11-13] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 10:24 - 2015-04-01 14:13 - 02208768 _____ C:\Documents and Settings\XP POWER\Desktop\adwcleaner_4.200.exe
2015-10-10 08:29 - 2015-10-10 10:24 - 00000000 ____D C:\FRST
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 03:06 - 2015-10-10 03:06 - 00000000 ____D C:\WINDOWS\LastGood
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-09 23:51 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 17:39 - 2015-10-09 17:39 - 00013663 _____ C:\ComboFix.txt
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-09 17:34 - 2015-10-09 17:34 - 00000000 _RSHD C:\cmdcons
2015-10-09 16:52 - 2015-10-05 14:23 - 01801288 _____ (Malwarebytes) C:\Documents and Settings\XP POWER\Desktop\JRT.exe
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-09 15:08 - 00013100 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00012367 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00007160 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00005642 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003990 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00003686 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002424 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00002166 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00001374 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-09 15:08 - 00000850 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000622 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 23:11 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 03:09 - 00013578 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-10 03:09 - 00007488 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:40 - 2006-11-13 21:38 - 00016384 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\DigiFilt.sys
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2006-11-14 00:05 - 00126976 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Digi32.dll
2015-09-19 17:38 - 2015-10-09 16:47 - 00001656 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-10-09 16:47 - 00001650 _____ C:\Documents and Settings\All Users\Desktop\Pro Tools LE.lnk
2015-09-19 17:38 - 2015-09-19 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Digidesign
2015-09-19 17:38 - 2006-11-13 21:38 - 00017408 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\dgfwboot.sys
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Digidesign
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 17:37 - 2006-11-14 05:12 - 03638655 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DirectIO.dll
2015-09-19 17:37 - 2006-11-13 22:07 - 00090112 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\WinMMFix.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00015872 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\digicoin.dll
2015-09-19 17:37 - 2006-11-13 21:38 - 00011776 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Drivers\diginet.sys
2015-09-19 17:37 - 2006-11-13 21:37 - 00483328 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\DSI.dll
2015-09-19 17:37 - 2006-11-13 21:37 - 00118784 _____ (Digidesign, A Division of Avid Technology, Inc.) C:\WINDOWS\system32\Diomidi.DLL
2015-09-19 17:37 - 2006-11-13 21:35 - 01900132 _____ C:\WINDOWS\system32\ExpansionHD_Firmware.bin
2015-09-19 17:37 - 2006-11-13 21:35 - 00192512 _____ C:\WINDOWS\system32\DigiPlatformSupport.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-09 17:46 - 00053503 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-05 14:51 - 00001367 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-10 05:55 - 00694283 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-09 20:21 - 00032572 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-10-09 18:09 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-09 18:09 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-09-11 15:02 - 2015-09-11 15:02 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\windows key words
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-10 10:24 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-10 10:24 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-10 10:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 10:21 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 03:14 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-10 03:11 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-09 18:09 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-09 18:09 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:39 - 2015-04-01 19:15 - 00000000 ____D C:\Qoobox
2015-10-09 17:38 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-09 17:34 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-09 17:32 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 17:00 - 2015-04-01 14:13 - 00000000 ____D C:\AdwCleaner
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:37 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 16:09 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 13:25 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-19 17:38 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-11 11:02 - 2015-02-19 20:54 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google
 
==================== Files in the root of some directories =======
 
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

  • 0

#9
4leafclover

    Member

  • Topic Starter
  • Member
  • 20 posts

I only see one FRST file. And here is the message I've been getting:

 

10-10-2015 5-44-12 PM.jpg


Edited by 4leafclover, 10 October 2015 - 07:42 PM.

  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You posted the initial FRST scan :)

OK, let's do it a different way, first clearing the quarantines and system restore (where the infection is)

Download and run Delfix
Select the options as shown
delfix.JPG


THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#11
4leafclover

    Member

  • Topic Starter
  • Member
  • 20 posts

Here is the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-10-2015 01
Ran by XP POWER (administrator) on XP-FC210920B0A5 (11-10-2015 08:55:28)
Running from C:\Documents and Settings\XP POWER\Desktop
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S0 DigiFilter; system32\drivers\DigiFilt.sys [X]
S2 DigiNet; system32\DRIVERS\diginet.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 08:55 - 2015-10-11 08:55 - 00012385 _____ C:\Documents and Settings\XP POWER\Desktop\FRST.txt
2015-10-11 08:55 - 2015-10-11 08:55 - 00000000 ____D C:\FRST
2015-10-11 08:55 - 2015-10-11 08:54 - 01699328 _____ (Farbar) C:\Documents and Settings\XP POWER\Desktop\FRST.exe
2015-10-11 08:52 - 2015-10-11 08:53 - 00004824 _____ C:\DelFix.txt
2015-10-11 08:52 - 2015-10-11 08:52 - 00000000 ____D C:\WINDOWS\ERUNT
2015-10-11 03:00 - 2015-10-11 03:00 - 00017014 _____ C:\WINDOWS\KB939683.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00014282 _____ C:\WINDOWS\KB954154.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-10 10:56 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-09 17:34 - 2015-10-09 17:34 - 00000000 _RSHD C:\cmdcons
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-11 03:20 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-11 03:00 - 00026380 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00024734 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00014320 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00011284 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00008045 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00007412 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00004884 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00004332 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001700 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001393 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001393 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-11 03:00 - 00001244 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 10:41 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 10:33 - 00014479 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-10 03:09 - 00007488 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-11 03:00 - 00066364 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-11 00:17 - 00002498 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-11 03:50 - 00762241 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-11 03:22 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-11 03:22 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-10-11 03:21 - 00032572 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-09-11 15:02 - 2015-09-11 15:02 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\windows key words
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 08:55 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-11 08:47 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-11 08:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-11 03:22 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 03:22 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-11 03:22 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-11 03:07 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-11 03:05 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-10 10:59 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-10 10:59 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:38 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-09 17:34 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-09 17:32 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:37 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 16:09 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 13:25 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-11 11:02 - 2015-02-19 20:54 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google
 
==================== Files in the root of some directories =======
 
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\XP POWER\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\XP POWER\Local Settings\temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================


#12
4leafclover
  • Topic Starter
  • Member
  • 20 posts
This time it created another .txt file? I am not sure if you need that one but here it is:
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-10-2015 01
Ran by XP POWER (2015-10-11 08:56:04)
Running from C:\Documents and Settings\XP POWER\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-02-19 23:50:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-287218729-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-287218729-682003330-1004 - Limited - Enabled)
Guest (S-1-5-21-1993962763-287218729-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-287218729-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-287218729-682003330-1002 - Limited - Disabled)
XP POWER (S-1-5-21-1993962763-287218729-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\XP POWER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ArcSoft PhotoImpression 5 (HKLM\...\{93F599DF-519B-4706-A3F1-9530DF2590B4}) (Version:  - ArcSoft)
CinePlus-1.44V09.10 (HKLM\...\CinePlus-1.44V09.10) (Version: 1.36.01.22 - CinePlus-1.44V09.10) <==== ATTENTION
Digidesign Shared Plug-Ins 7.3 (HKLM\...\{AFE354A5-640F-4A23-94C8-0B441E8967CA}) (Version: 7.3 - Digidesign, A Division of Avid Technology, Inc.)
ESET NOD32 Antivirus (HKLM\...\{85C70286-A56F-4834-BD24-B34EB76A93A2}) (Version: 4.0.468.0 - ESET, spol s r. o.)
Feed Notifier 2.6 (HKLM\...\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1) (Version:  - Michael Fogleman)
Free Bomb Factory Plug-Ins 7.3 (HKLM\...\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}) (Version: 7.3 - Digidesign, A Division of Avid Technology, Inc.)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Homestead SiteBuilder (HKLM\...\Homestead SiteBuilder) (Version:  - Homestead)
hp instant support (HKLM\...\hp instant support) (Version: 5.0.2.4.asst_classic.asst_install - Motive Communications, Inc.)
HP Memories Disc (HKLM\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo and Imaging 2.3 - Scanjet 4600 Series (HKLM\...\{3E270C95-8327-4C2F-A8E1-902CC2604A20}) (Version: 2.3.0000 - {&Tahoma8}Hewlett-Packard)
HyperPen USB Manager (HKLM\...\Rmtablet) (Version:  - )
InterLok Driver Kit (HKLM\...\{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}) (Version: 5.4.1.2540 - PACE Anti-Piracy)
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Security Scan (HKLM\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.740 - Kaspersky Lab)
Kaspersky Security Scan (Version: 15.0.0.740 - Kaspersky Lab) Hidden
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Picture It! Photo 2001 (HKLM\...\{D28FDA7D-15C6-48A2-9868-6BCB28BE6254}) (Version: 5.0.0.0000 - Microsoft)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
Photobie -- photo editing software from Photobie Design (HKLM\...\Photobie) (Version:  - )
Pinger (HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Pinger 1.4.0.0) (Version: 1.4.0.0 - Pinger Inc.)
Pinger (Version: 1.4.0.0 - Pinger Inc.) Hidden
Portrait Professional Max 6.3 (HKLM\...\Portrait Professional Max 6_is1) (Version: 6.3 - Anthropics Technology Ltd.)
Readiris Pro 8 (HKLM\...\{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
R-Wipe&Clean 9.5 (HKLM\...\R-Wipe&Clean_is1) (Version:  - R-tools Technology Inc.)
ShareIns (Version: 1.00.0000 - Hewlett-Packard) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
Simple Media Player 1.0 (HKLM\...\Simple Media Player) (Version: 1.0 - Simple Media Player)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Snagit 11 (HKLM\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
System NotifierV09.10 (HKLM\...\System NotifierV09.10) (Version: 1.36.01.22 - HQ-VideoV09.10) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Hewlett-Packard Image  (02/08/2007 9.0.0.83) (HKLM\...\F1DF012D10296DD449D50676D15F9EF8329B9EC4) (Version: 02/08/2007 9.0.0.83 - Hewlett-Packard)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR 4.11 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wondershare Free YouTube Downloader(Build 4.3.3.0) (HKLM\...\Wondershare Free YouTube Downloader_is1) (Version: 4.3.3.0 - Wondershare Software)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A10B02 - ZTE Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-287218729-682003330-1003_Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}\localserver32 -> "C:\Documents and Settings\XP POWER\Local Settings\Application Data\BrowserAir\Application\44.4.3.3\ (the data entry has 32 more characters).
CustomCLSID: HKU\S-1-5-21-1993962763-287218729-682003330-1003_Classes\CLSID\{293600C7-E7B6-4f06-9329-D8522A33C7E8}\InprocServer32 -> C:\Documents and Settings\XP POWER\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
CustomCLSID: HKU\S-1-5-21-1993962763-287218729-682003330-1003_Classes\CLSID\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\InprocServer32 -> C:\Documents and Settings\XP POWER\Local Settings\Application Data\TechSmith\SnagIt\Accessories\{B9E98D7E-F599-469d-95A7-0B6F86D082A0}\CamtasiaOutput.dll (TechSmith Corporation)
 
==================== Restore Points =========================
 
11-10-2015 08:52:55 System Checkpoint
11-10-2015 08:52:55 Revo Uninstaller's restore point - Mozilla Firefox 39.0 (x86 en-US)
11-10-2015 08:52:56 Revo Uninstaller's restore point - Mozilla Firefox 40.0.3 (x86 en-US)
11-10-2015 08:52:56 Revo Uninstaller's restore point - Mozilla Firefox 40.0.3 (x86 en-US)
11-10-2015 08:52:56 Revo Uninstaller's restore point - Mozilla Firefox 40.0.3 (x86 en-US)
11-10-2015 08:52:56 System Checkpoint
11-10-2015 08:52:56 System Checkpoint
11-10-2015 08:52:56 System Checkpoint
11-10-2015 08:52:56 Installed Pro Tools LE
11-10-2015 08:52:56 Installed Digidesign Shared Plug-Ins
11-10-2015 08:52:57 Installed Free Bomb Factory Plug-Ins
11-10-2015 08:52:57 System Checkpoint
11-10-2015 08:52:57 System Checkpoint
11-10-2015 08:52:57 System Checkpoint
11-10-2015 08:52:57 System Checkpoint
11-10-2015 08:52:57 Installed WinZip 15.0
11-10-2015 08:52:57 Revo Uninstaller's restore point - WinZip 15.0
11-10-2015 08:52:57 Removed WinZip 15.0
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:58 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 System Checkpoint
11-10-2015 08:52:59 Installed Windows Media Player 11
11-10-2015 08:52:59 Software Distribution Service 3.0
11-10-2015 08:53:00 Checkpoint by HitmanPro
11-10-2015 08:53:00 Checkpoint by HitmanPro
11-10-2015 08:53:01 JRT Pre-Junkware Removal
11-10-2015 08:53:01 Revo Uninstaller's restore point - ESET NOD32 Antivirus
11-10-2015 08:53:01 Removed ESET NOD32 Antivirus
11-10-2015 08:53:02 Installed ESET NOD32 Antivirus
11-10-2015 08:53:02 First Restore Point
11-10-2015 08:53:02 Software Distribution Service 3.0
11-10-2015 08:53:03 Removed Pro Tools LE
11-10-2015 08:53:03 Software Distribution Service 3.0
11-10-2015 08:53:08 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 04:00 - 2015-10-09 17:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-03 13:44 - 2015-06-03 13:44 - 00315648 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2002-04-17 11:49 - 2002-04-17 11:49 - 00024576 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
2015-08-02 21:51 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2008-04-14 04:00 - 2008-04-14 04:00 - 00192512 _____ () C:\WINDOWS\system32\qcap.dll
2013-01-01 22:48 - 2013-01-01 22:48 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2002-04-17 11:49 - 2002-04-17 11:49 - 00077824 _____ () C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2015-06-03 13:50 - 2015-06-03 13:50 - 00267264 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\webcore.dll
2015-06-03 13:50 - 2015-06-03 13:50 - 41268224 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-03-14 15:41 - 2005-06-28 13:59 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2015-02-20 09:24 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-02-20 09:24 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-09-24 10:34 - 2012-02-17 20:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\System:qd78bsg6XZoCja2SskC
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:6ZRwS98uqMtwgsykl9DaG
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Microsoft:ufqDOcyMVT5gBp0gBGekCEk1GH
AlternateDataStreams: C:\Documents and Settings\XP POWER\Local Settings\Application Data:ntJpmNQ53ewY4SvTFiJa
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Diixexeqw => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\XP POWER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet 6700 FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet 6700 DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet 6700 SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet 6700)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Officejet 6700)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet 6700)
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Photobie\Photobie.exe] => Enabled:Photobie Design Studio
StandardProfile\AuthorizedApplications: [C:\Program Files\Wondershare\FreeYouTubeDownloader\FreeYouTubeDownloader.exe] => Enabled:Wondershare Free YouTube Downloader
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/09/2015 04:20:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rbt.exe, version 0.0.0.0, faulting module rbt.exe, version 0.0.0.0, fault address 0x0000b9a2.
Processing media-specific event for [rbt.exe!ws!]
 
Error: (10/09/2015 04:07:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application MyBrowser.exe, version 39.5.2171.95, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/09/2015 03:26:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nsk70cd.tmp, version 0.0.0.0, faulting module nsk70cd.tmp, version 0.0.0.0, fault address 0x00005806.
Processing media-specific event for [nsk70cd.tmp!ws!]
 
Error: (10/09/2015 03:22:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application cibtd.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/09/2015 03:21:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SendBig.tmp, version 51.52.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (10/09/2015 03:13:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application setup__6092_il1855636.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [setup__6092_il1855636.exe!ws!]
 
Error: (10/03/2015 10:46:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application snagiteditor.exe, version 11.0.0.207, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/27/2015 03:53:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pinger.exe, version 0.0.0.0, faulting module qtdeclarative4.dll, version 4.8.4.0, fault address 0x0008a176.
Processing media-specific event for [pinger.exe!ws!]
 
Error: (09/21/2015 02:52:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SiteBuilderLPX.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (09/17/2015 07:49:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 45.0.2454.85, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (10/11/2015 03:22:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
DigiFilter
 
Error: (10/11/2015 03:22:23 AM) (Source: 0) (EventID: 4191) (User: )
Description: TCPIP\Parameters\Adapters\NDISWANIP
 
Error: (10/11/2015 03:22:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Digidesign Ethernet Support service failed to start due to the following error: 
%%2
 
Error: (10/10/2015 10:32:46 AM) (Source: 0) (EventID: 4191) (User: )
Description: TCPIP\Parameters\Adapters\NDISWANIP
 
Error: (10/10/2015 10:31:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/10/2015 10:31:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/10/2015 10:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Digidesign MME Refresh Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/10/2015 10:31:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/09/2015 06:09:39 PM) (Source: 0) (EventID: 4191) (User: )
Description: TCPIP\Parameters\Adapters\NDISWANIP
 
Error: (10/09/2015 05:42:10 PM) (Source: 0) (EventID: 4191) (User: )
Description: TCPIP\Parameters\Adapters\NDISWANIP
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6000+
Percentage of memory in use: 42%
Total physical RAM: 3070.4 MB
Available physical RAM: 1768.72 MB
Total Virtual: 5058.86 MB
Available Virtual: 3853.42 MB
 
==================== Drives ================================
 
Drive c: (NEW_VOLUME) (Fixed) (Total:298.09 GB) (Free:20.17 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: () (Fixed) (Total:335.34 GB) (Free:137.79 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 182EB6B1)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 335.4 GB) (Disk ID: 4F693998)
Partition 1: (Active) - (Size=335.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run an ESET scan after this to ensure the alert is no longer present?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Download the attached fixlist.txt to the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#14
4leafclover

    Member

  • Topic Starter
  • Member
  • 20 posts

Hi again

I tried running ESET twice today after I ran FRST. Each time it ran for more than two hours and got stuck for an hour at 40%. So I stopped it. It found 11 infiltrations but couldn't clean them automatically. Should I delete them manually?


Edited by 4leafclover, 11 October 2015 - 06:27 PM.


#15
4leafclover

    Member

  • Topic Starter
  • Member
  • 20 posts

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-10-2015 01
Ran by XP POWER (administrator) on XP-FC210920B0A5 (11-10-2015 11:58:08)
Running from C:\Documents and Settings\XP POWER\Desktop
Loaded Profiles: XP POWER (Available Profiles: XP POWER & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
(Aiptek) C:\WINDOWS\system32\atwtusb.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18085888 2009-02-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [69632 2002-04-17] (Hewlett-Packard)
HKLM\...\Run: [atwtusb] => atwtusb.exe beta
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\Documents and Settings\All Users\Application Data\Wondershare\AllMyTube\DelayPluginI.exe [1960336 2015-05-22] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2054360 2009-09-29] (ESET)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Pinger] => C:\Program Files\Pinger\Pinger.exe [10581504 2013-08-23] ()
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53735968 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-287218729-682003330-1003\...\Run: [KSS] => C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{27B13FA3-5F0A-4F81-920D-F18E90055E9D}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1993962763-287218729-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1993962763-287218729-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
Handler: WSAllMyTubechrome - {0A0C95CF-A116-4C74 -  No File
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2015-10-09]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Documents and Settings\XP POWER\Application Data\Mozilla\Firefox\Profiles\gf1nj1gf.default\extensions\[email protected] [not found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR Profile: C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (EasyCalendar) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-09]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-09]
CHR Extension: (Bitdefender QuickScan) - C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-10-09]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [20680 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [735960 2009-09-29] (ESET)
R2 kss; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe [919296 2015-06-03] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 aiptektp; C:\WINDOWS\System32\DRIVERS\aiptektp.sys [22272 2004-07-07] (AIPTEK International Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [116008 2009-09-29] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [108792 2009-09-29] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [96408 2009-09-29] (ESET)
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2015-04-01] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32384 2015-10-09] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2013-11-17] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2013-11-17] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [168040 2010-04-08] (NVIDIA Corporation)
R0 nvlegacy; C:\WINDOWS\system32\Drivers\nvlegacy.sys [100736 2013-11-17] (NVIDIA Corporation) [File not signed]
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
S3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\RTL8192cu.sys [894696 2010-07-13] (Realtek Semiconductor Corporation                           )
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [72608 2006-10-05] (PACE Anti-Piracy, Inc.) [File not signed]
S3 zghsdiag; C:\WINDOWS\System32\DRIVERS\zghsdiag.sys [113688 2011-08-22] (ZTE Incorporated)
S3 catchme; \??\C:\DOCUME~1\XPPOWE~1\LOCALS~1\Temp\catchme.sys [X]
S0 DigiFilter; system32\drivers\DigiFilt.sys [X]
S2 DigiNet; system32\DRIVERS\diginet.sys [X]
S4 IntelIde; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 11:57 - 2015-10-11 11:57 - 00003921 _____ C:\Documents and Settings\XP POWER\Desktop\fixlist (1).txt
2015-10-11 08:56 - 2015-10-11 08:56 - 00023479 _____ C:\Documents and Settings\XP POWER\Desktop\Addition.txt
2015-10-11 08:55 - 2015-10-11 11:58 - 00012316 _____ C:\Documents and Settings\XP POWER\Desktop\FRST.txt
2015-10-11 08:55 - 2015-10-11 11:58 - 00000000 ____D C:\FRST
2015-10-11 08:55 - 2015-10-11 08:54 - 01699328 _____ (Farbar) C:\Documents and Settings\XP POWER\Desktop\FRST.exe
2015-10-11 08:52 - 2015-10-11 08:53 - 00004824 _____ C:\DelFix.txt
2015-10-11 08:52 - 2015-10-11 08:52 - 00000000 ____D C:\WINDOWS\ERUNT
2015-10-11 03:00 - 2015-10-11 03:00 - 00017014 _____ C:\WINDOWS\KB939683.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00014282 _____ C:\WINDOWS\KB954154.log
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB954154_WM11$
2015-10-11 03:00 - 2015-10-11 03:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB939683$
2015-10-10 03:09 - 2015-10-10 03:09 - 00005657 _____ C:\WINDOWS\KB2378111.log
2015-10-10 00:29 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Security Scan
2015-10-10 00:29 - 2015-10-10 00:28 - 00000802 _____ C:\Documents and Settings\All Users\Desktop\Kaspersky Security Scan.lnk
2015-10-10 00:28 - 2015-10-10 00:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2015-10-10 00:28 - 2015-10-10 00:28 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-10-10 00:01 - 2015-10-10 00:01 - 00173281 _____ C:\Documents and Settings\XP POWER\Desktop\runscanner.run
2015-10-09 23:59 - 2015-10-09 23:59 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Runscanner.net
2015-10-09 23:51 - 2015-10-10 10:56 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\QuickScan
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\ESET NOD 32 Anti-Virus 4.0.468.0
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2015-10-09 17:39 - 2015-10-09 17:39 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\temp
2015-10-09 17:34 - 2015-10-09 17:34 - 00000000 _RSHD C:\cmdcons
2015-10-09 16:09 - 2015-10-09 16:09 - 00032384 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-09 16:08 - 2015-10-11 03:20 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-10-09 16:08 - 2015-10-09 16:08 - 00220530 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-287218729-682003330-1003-0.dat
2015-10-09 16:06 - 2015-10-09 16:06 - 00236394 _____ C:\WINDOWS\system32\.crusader
2015-10-09 15:49 - 2015-10-09 16:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-10-09 15:29 - 2015-10-09 16:47 - 00000824 _____ C:\Documents and Settings\XP POWER\Desktop\Simple Media Player.lnk
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Program Files\Simple Media Player
2015-10-09 15:29 - 2015-10-09 15:29 - 00000000 ____D C:\Documents and Settings\XP POWER\Start Menu\Programs\Simple Media Player
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Program Files\Feed Notifier
2015-10-09 15:28 - 2015-10-09 17:16 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\NetService
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\OnePCOptimizer
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Program Files\jogotempo
2015-10-09 15:28 - 2015-10-09 16:30 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DataFile
2015-10-09 15:28 - 2015-10-09 16:20 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\RunDir
2015-10-09 15:28 - 2015-10-09 15:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\one pc optimizer
2015-10-09 15:27 - 2015-10-09 16:06 - 00004696 _____ C:\WINDOWS\system32\Diixexeqw.ini
2015-10-09 15:27 - 2015-10-09 16:06 - 00002408 _____ C:\WINDOWS\system32\DiixexeqwOff.ini
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\WINDOWS\system32\gyo
2015-10-09 15:27 - 2015-10-09 15:27 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Tempfolder
2015-10-09 15:25 - 2015-10-09 15:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\28341ff220e0446c9fff27c4493d622e
2015-10-09 15:22 - 2015-10-09 15:53 - 00000004 _____ C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
2015-10-09 15:16 - 2015-10-09 16:06 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\F004D280-1444403761-1013-9F4B-82111D8F605B
2015-10-09 15:15 - 2015-04-01 19:22 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-09 15:08 - 2015-10-11 03:00 - 00026380 _____ C:\WINDOWS\iis6.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00024734 _____ C:\WINDOWS\FaxSetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00014320 _____ C:\WINDOWS\ocgen.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00011284 _____ C:\WINDOWS\tsoc.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00008045 _____ C:\WINDOWS\comsetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00007412 _____ C:\WINDOWS\msmqinst.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00004884 _____ C:\WINDOWS\ntdtcsetup.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00004332 _____ C:\WINDOWS\netfxocm.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001700 _____ C:\WINDOWS\MedCtrOC.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001393 _____ C:\WINDOWS\imsins.log
2015-10-09 15:08 - 2015-10-11 03:00 - 00001393 _____ C:\WINDOWS\imsins.BAK
2015-10-09 15:08 - 2015-10-11 03:00 - 00001244 _____ C:\WINDOWS\tabletoc.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00008166 _____ C:\WINDOWS\MSCompPackV1.log
2015-10-09 15:08 - 2015-10-09 15:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallMSCompPackV1$
2015-10-09 15:08 - 2007-07-27 10:41 - 00016760 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2015-10-09 15:07 - 2015-10-10 10:33 - 00014479 _____ C:\WINDOWS\spupdsvc.log
2015-10-09 15:07 - 2015-10-09 15:08 - 00033210 _____ C:\WINDOWS\wmp11.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00001313 _____ C:\WINDOWS\updspapi.log
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallwmp11$
2015-10-09 15:07 - 2015-10-09 15:07 - 00000000 ____D C:\Program Files\Windows Media Connect 2
2015-10-09 15:07 - 2008-04-14 04:00 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2015-10-09 15:06 - 2015-10-09 15:07 - 00023667 _____ C:\WINDOWS\WMFDist11.log
2015-10-09 15:05 - 2015-10-10 03:09 - 00007488 _____ C:\WINDOWS\wmsetup.log
2015-10-08 06:35 - 2015-10-08 06:35 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-07 07:13 - 2015-10-07 07:13 - 00023552 _____ C:\WINDOWS\system32\HardwareInformation.exe
2015-10-02 15:48 - 2015-10-05 09:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Program Files\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\WinRAR
2015-09-24 10:34 - 2015-09-24 10:34 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
2015-09-24 09:48 - 2015-09-24 10:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WinZip
2015-09-22 10:38 - 2015-09-22 10:39 - 00000356 _____ C:\WINDOWS\WINNT32.LOG
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-09-19 17:40 - 2015-09-19 17:40 - 00000000 ____D C:\Program Files\InterLok
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Program Files\Common Files\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\PACE Anti-Piracy
2015-09-19 17:39 - 2015-09-19 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
2015-09-19 17:38 - 2006-09-19 22:17 - 00638976 ____N (PACE Anti-Piracy) C:\WINDOWS\system32\ilinet.dll
2015-09-19 17:38 - 2006-03-29 14:11 - 00233472 ____N (Propellerhead Software AB) C:\WINDOWS\system32\REX Shared Library.dll
2015-09-19 17:38 - 2001-06-27 09:13 - 00217088 _____ C:\WINDOWS\system32\qtmlClient.dll
2015-09-19 17:37 - 2015-09-19 17:37 - 00000000 ____D C:\Program Files\Common Files\Digidesign
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-09-19 14:23 - 2008-04-14 05:41 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2015-09-19 14:23 - 2008-04-14 00:09 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-09-17 16:55 - 2015-09-17 16:55 - 00055376 _____ C:\Documents and Settings\XP POWER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-09-17 10:38 - 2015-09-17 12:17 - 00000000 ____D C:\Documents and Settings\XP POWER\Desktop\New Folder
2015-09-13 13:17 - 2015-10-09 16:47 - 00000740 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:47 - 00000734 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2015-09-13 13:17 - 2015-10-09 16:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-13 12:54 - 2015-09-13 12:54 - 00242752 _____ C:\Documents and Settings\XP POWER\My Documents\Firefox Setup Stub 40.0.3.exe
2015-09-13 12:02 - 2015-10-11 03:00 - 00066364 _____ C:\WINDOWS\setupapi.log
2015-09-13 12:02 - 2015-10-11 00:17 - 00002498 _____ C:\WINDOWS\setupact.log
2015-09-13 12:02 - 2015-09-13 12:02 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 10:33 - 2015-10-11 03:50 - 00762241 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 10:33 - 2015-10-11 03:22 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-09-13 10:33 - 2015-10-11 03:22 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-09-13 10:33 - 2015-10-11 03:21 - 00032572 _____ C:\WINDOWS\SchedLgU.Txt
2015-09-13 10:33 - 2015-09-13 10:33 - 00219248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-13 10:33 - 2015-09-13 10:33 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ___RD C:\Program Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-13 08:24 - 2015-09-13 08:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-09-11 15:02 - 2015-09-11 15:02 - 00000000 ____D C:\Documents and Settings\XP POWER\My Documents\windows key words
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-11 11:58 - 2015-04-01 19:23 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\temp
2015-10-11 11:49 - 2015-03-13 12:50 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\Skype
2015-10-11 11:21 - 2015-02-19 20:54 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-11 10:21 - 2015-02-19 20:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-11 10:13 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-10-11 03:22 - 2015-02-19 17:40 - 00000228 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-10-11 03:22 - 2015-02-19 16:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-11 03:07 - 2015-02-19 20:43 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-10-11 03:05 - 2015-02-19 08:30 - 00568092 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-10 10:59 - 2015-02-27 08:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-10 10:59 - 2015-02-19 16:46 - 00000000 ____D C:\Program Files\Common Files\System
2015-10-09 18:06 - 2015-05-31 08:53 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-10-09 17:45 - 2015-04-01 14:25 - 00000000 ____D C:\Program Files\ESET
2015-10-09 17:38 - 2008-04-14 04:00 - 00000227 _____ C:\WINDOWS\system.ini
2015-10-09 17:34 - 2015-02-19 08:29 - 00000327 __RSH C:\boot.ini
2015-10-09 17:32 - 2015-04-01 19:19 - 00000327 _____ C:\Boot.bak
2015-10-09 17:28 - 2015-04-01 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-10-09 16:49 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\java
2015-10-09 16:47 - 2015-08-04 08:48 - 00000729 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2015-10-09 16:47 - 2015-08-02 21:50 - 00001112 _____ C:\Documents and Settings\All Users\Desktop\Wondershare Free YouTube Downloader.lnk
2015-10-09 16:47 - 2015-07-22 19:47 - 00001863 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth.lnk
2015-10-09 16:47 - 2015-07-04 09:50 - 00000712 _____ C:\Documents and Settings\All Users\Desktop\Photobie.lnk
2015-10-09 16:47 - 2015-06-22 21:38 - 00000835 _____ C:\Documents and Settings\XP POWER\Desktop\Portrait Professional Max.lnk
2015-10-09 16:47 - 2015-04-10 12:27 - 00002415 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-10-09 16:47 - 2015-04-03 11:05 - 00001397 _____ C:\Documents and Settings\All Users\Desktop\R-Wipe&Clean.lnk
2015-10-09 16:47 - 2015-04-01 19:00 - 00000787 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-09 16:47 - 2015-03-05 17:30 - 00001612 _____ C:\Documents and Settings\All Users\Desktop\Readiris Pro 8.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000861 _____ C:\Documents and Settings\All Users\Desktop\HP Photo & Imaging.lnk
2015-10-09 16:47 - 2015-03-05 17:26 - 00000791 _____ C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-10-09 16:47 - 2015-03-01 19:47 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2015-10-09 16:47 - 2015-02-24 15:13 - 00000704 _____ C:\Documents and Settings\XP POWER\Desktop\Pinger.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000911 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11 Editor.lnk
2015-10-09 16:47 - 2015-02-19 20:48 - 00000867 _____ C:\Documents and Settings\All Users\Desktop\Snagit 11.lnk
2015-10-09 16:47 - 2015-02-19 20:05 - 00001823 _____ C:\Documents and Settings\All Users\Desktop\Homestead SiteBuilder.lnk
2015-10-09 16:47 - 2015-02-19 18:46 - 00001553 _____ C:\Documents and Settings\XP POWER\Desktop\Microsoft Picture It! Photo 2001.lnk
2015-10-09 16:47 - 2015-02-19 18:03 - 00000927 _____ C:\Documents and Settings\XP POWER\Desktop\Revo Uninstaller.lnk
2015-10-09 16:47 - 2015-02-19 16:47 - 00000796 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
2015-10-09 16:37 - 2015-04-01 19:01 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 16:09 - 2015-04-01 08:38 - 00000000 ____D C:\Program Files\7-Zip
2015-10-09 16:09 - 2015-02-19 16:48 - 00023392 _____ C:\WINDOWS\system32\nscompat.tlb
2015-10-09 16:09 - 2015-02-19 16:48 - 00016832 _____ C:\WINDOWS\system32\amcompat.tlb
2015-10-09 16:09 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-10-09 15:31 - 2015-02-19 08:30 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-10-09 15:27 - 2015-02-19 16:51 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-10-09 15:07 - 2015-02-19 08:27 - 00000000 ____D C:\WINDOWS\Help
2015-10-09 15:07 - 2008-04-14 04:00 - 00000603 _____ C:\WINDOWS\win.ini
2015-10-09 15:06 - 2015-02-27 08:33 - 00017200 ____C C:\WINDOWS\Wudf01000Inst.log
2015-10-09 13:25 - 2015-02-19 18:43 - 00000000 ____D C:\Program Files\Microsoft Picture It! PhotoPub
2015-10-09 00:38 - 2015-08-04 08:49 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\vlc
2015-10-08 15:23 - 2015-02-19 17:40 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-09-19 17:39 - 2015-07-01 21:32 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\ZRwS98uqM
2015-09-19 17:39 - 2013-12-11 16:03 - 00000000 ___HD C:\Documents and Settings\XP POWER\Local Settings\Application Data\jQtHVdKPJs
2015-09-13 12:28 - 2015-02-19 17:00 - 00000000 __SHD C:\Documents and Settings\XP POWER\PrivacIE
2015-09-13 10:43 - 2015-07-08 16:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\R-Wipe&Clean
2015-09-13 10:43 - 2015-04-03 11:05 - 00000000 ____D C:\Documents and Settings\XP POWER\Application Data\R-Wipe&Clean
2015-09-13 08:24 - 2015-03-13 12:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-09-11 11:02 - 2015-02-19 20:54 - 00000000 ____D C:\Documents and Settings\XP POWER\Local Settings\Application Data\Google
 
==================== Files in the root of some directories =======
 
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\2DvsHKa4N
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\838w6fuWq9mlst
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\CM8G96KmgcfxB9FWM2i2jFL3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\hTmLu7END
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\lwwYCLdvcFaBsAGu8H9qXFhu3
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\m09PmwEyEPlH8DJPaf0
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Documents and Settings\XP POWER\Application Data\p4lyApZNzpLUL7Og720FLvePKCM
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\UJdRn6iCLf98arYbdbTzVF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yLRTdARaq631ddySmyG0VyMwfnX
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Documents and Settings\XP POWER\Application Data\yUFcWfJev7
2015-02-19 20:42 - 2015-08-26 07:00 - 0014848 _____ () C:\Documents and Settings\XP POWER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\XP POWER\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\XP POWER\Local Settings\temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
