Unable to run all antivirus and antimalware programs. [Closed]


#1
BillyJones8904


Hello G2G!

I have not been able to install Malwarebytes, nor can I run any antimalware programs like tdsskiller or roguekiller. I have tried to rename them.

I have attached my logs.

Thank you :)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-11-2015
Ran by Owner (administrator) on BACK_BEDROOM (24-11-2015 18:33:00)
Running from C:\
Loaded Profiles: Owner (Available Profiles: Owner & Steve & Sara)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Boingo Wireless, Inc.) C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
(Microsoft Corp.) C:\Program Files\Microsoft Money\System\mnyexpr.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe
(EarthLink, Inc.) C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
(HP) C:\WINDOWS\system32\hpzipm12.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(??????????? ???????????, 2007-2015) C:\avz4\avz.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-05-16] (Logitech Inc.)
HKLM\...\Run: [diagent] => C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [135264 2002-04-03] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
HKLM\...\Run: [StorageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2008-12-07] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02] (Intel Corporation)
HKLM\...\Policies\Explorer: [] 
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-10-11] (Ahead Software AG)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [E6TaskPanel] => C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [942080 2005-09-01] (EarthLink, Inc.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\RunOnce: [*LogMeInRescue_301236020] => C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe [3983120 2015-11-24] (LogMeIn, Inc.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\MountPoints2: {99c71520-566d-11e0-a613-000d565d02cf} - G:\LaunchU3.exe
HKU\S-1-5-21-583907252-412668190-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\rkill.scr [2019656 2015-11-24] (Bleeping Computer, LLC)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-11-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-583907252-412668190-839522115-1003] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{004D185E-55F2-4585-8104-6EBAA6426454}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.earthlink.net
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://start.earthlink.net/AL/Search
URLSearchHook: [S-1-5-21-583907252-412668190-839522115-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-583907252-412668190-839522115-1003 - SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
SearchScopes: HKLM -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPub.dll [2011-02-15] (EarthLink, Inc.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06] (Sonic Solutions)
BHO: IE_PopupBlocker Class -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll [2005-02-02] (Propel Software Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll [2011-02-15] (EarthLink, Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-03] (Webroot)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll [2011-02-15] (EarthLink, Inc.)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
Toolbar: HKU\.DEFAULT -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
Toolbar: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2004-05-12] (Hewlett-Packard Company)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhhq5a12.default-1445476553906
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-10-16] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhhq5a12.default-1445476553906\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-03]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://my.earthlink.net/
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EarthLinkMonitor; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [65604 2005-01-26] (Boingo Wireless, Inc.) [File not signed]
R2 LMIRescue_87e80eba-8d8b-4821-8b6e-ed336cba6a6a; C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe [3983120 2015-11-24] (LogMeIn, Inc.)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114800 2015-06-27] (Mozilla Foundation) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
S3 BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [17536 2004-11-01] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
R3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [53869 2003-05-16] (Logitech, Inc.)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
U3 uti0odaz; C:\WINDOWS\system32\Drivers\uti0odaz.sys [7168 2015-11-24] () [File not signed]
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [119288 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [25600 2015-11-03] (Webroot) [File not signed]
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120830 2003-10-08] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [98842 2003-10-08] (Intel Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-24 18:20 - 2015-11-24 18:33 - 00000000 ____D C:\avz4
2015-11-24 17:35 - 2015-11-24 17:35 - 00002684 _____ C:\FSS.txt
2015-11-24 17:35 - 2015-11-24 17:26 - 00415744 _____ (Farbar) C:\FSS.exe
2015-11-24 14:58 - 2015-11-24 14:54 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.scr
2015-11-24 14:58 - 2015-11-24 14:54 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-11-24 14:57 - 2015-11-24 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\WiNlOgOn.exe
2015-11-24 14:57 - 2015-11-24 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\uSeRiNiT.exe
2015-11-24 14:17 - 2014-09-11 03:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2015-11-24 14:12 - 2006-11-01 15:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\RootkitRevealer.exe
2015-11-24 14:08 - 2015-11-24 14:04 - 00783640 _____ (McAfee, Inc.) C:\rootkitremover.exe
2015-11-24 13:18 - 2015-11-23 19:54 - 00380416 _____ C:\ob8gj0dk.exe
2015-11-24 13:11 - 2015-11-24 13:11 - 00000512 _____ C:\MBRDUMP.txt
2015-11-23 22:03 - 2015-11-23 22:04 - 00023246 _____ C:\Addition.txt
2015-11-23 21:58 - 2008-04-13 13:36 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2015-11-23 21:58 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2015-11-23 21:58 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2015-11-23 21:58 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2015-11-23 21:58 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2015-11-23 21:58 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2015-11-23 21:58 - 2001-08-17 12:11 - 00096640 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\b57xp32.sys
2015-11-23 21:57 - 2015-11-24 18:34 - 00029231 _____ C:\FRST.txt
2015-11-23 21:57 - 2008-04-13 13:46 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2015-11-23 21:57 - 2008-04-13 13:46 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2015-11-23 21:57 - 2002-08-29 01:59 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2015-11-23 21:57 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2015-11-23 21:57 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2015-11-23 21:57 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2015-11-23 21:57 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2015-11-23 21:57 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2015-11-23 21:57 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2015-11-23 21:57 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2015-11-23 21:57 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2015-11-23 21:57 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2015-11-23 21:57 - 2001-08-17 14:07 - 00056960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78xx.sys
2015-11-23 21:57 - 2001-08-17 14:07 - 00055168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78u2.sys
2015-11-23 21:57 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2015-11-23 21:57 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00026496 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00022400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asc3350p.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aha154x.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00012032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\amsint.sys
2015-11-23 21:57 - 2001-08-17 13:51 - 00014848 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc3550.sys
2015-11-23 21:57 - 2001-08-17 13:51 - 00005248 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\aliide.sys
2015-11-23 21:57 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2015-11-23 21:57 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00049920 ____C C:\WINDOWS\system32\dllcache\atirtcap.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00046464 ____C C:\WINDOWS\system32\dllcache\atibt829.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00026880 ____C C:\WINDOWS\system32\dllcache\atirtsnd.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00026624 ____C C:\WINDOWS\system32\dllcache\ativxbar.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00023552 ____C C:\WINDOWS\system32\dllcache\atixbar.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00019456 ____C C:\WINDOWS\system32\dllcache\ativttxx.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitvsnd.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitunep.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00010240 ____C C:\WINDOWS\system32\dllcache\atipcxxx.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00009472 ____C C:\WINDOWS\system32\dllcache\ativmdcd.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2015-11-23 21:57 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2015-11-23 21:57 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2015-11-23 21:57 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.) C:\WINDOWS\system32\dllcache\amb8002.sys
2015-11-23 21:56 - 2015-11-23 21:56 - 01718784 _____ (Farbar) C:\FRST.exe
2015-11-23 21:56 - 2008-04-13 13:46 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys
2015-11-23 21:56 - 2008-04-13 13:46 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys
2015-11-23 21:56 - 2008-04-13 13:40 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys
2015-11-23 21:56 - 2002-08-29 02:00 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys
2015-11-23 21:56 - 2002-08-29 02:00 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys
2015-11-23 21:56 - 2002-08-29 02:00 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys
2015-11-23 21:56 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll
2015-11-23 21:56 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll
2015-11-23 21:56 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll
2015-11-23 21:56 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll
2015-11-23 21:56 - 2001-08-17 14:07 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adpu160m.sys
2015-11-23 21:56 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys
2015-11-23 21:56 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys
2015-11-23 21:56 - 2001-08-17 13:52 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\abp480n5.sys
2015-11-23 21:56 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys
2015-11-23 21:56 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvsm.sys
2015-11-23 21:56 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys
2015-11-23 21:56 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys
2015-11-23 21:56 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys
2015-11-23 21:56 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys
2015-11-23 21:56 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys
2015-11-23 21:56 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys
2015-11-23 21:56 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys
2015-11-23 21:55 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll
2015-11-23 21:54 - 2015-11-23 19:57 - 04397752 _____ (Kaspersky Lab ZAO) C:\ob9.exe
2015-11-23 21:52 - 2015-11-09 22:00 - 18979400 _____ C:\1293478.exe
2015-11-23 21:52 - 2012-02-01 10:52 - 00472064 _____ ( ) C:\RootRepeal.exe
2015-11-23 21:38 - 2015-11-23 21:42 - 00000000 ____D C:\AdwCleaner
2015-11-23 21:21 - 2015-11-23 21:21 - 00000000 ____D C:\Qoobox
2015-11-23 21:20 - 2015-11-24 14:59 - 00000000 ___SD C:\32788R22FWJFW
2015-11-23 21:20 - 2015-11-23 21:20 - 00000000 ____D C:\WINDOWS\erdnt
2015-11-23 21:20 - 2015-11-23 21:16 - 01733632 _____ C:\AdwCleaner.exe
2015-11-23 21:20 - 2015-11-23 21:16 - 01599080 _____ (Malwarebytes) C:\JRT.exe
2015-11-23 21:20 - 2015-11-23 21:15 - 05640282 ____R (Swearware) C:\ComboFix.exe
2015-11-23 21:18 - 2015-09-16 17:24 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.exe
2015-11-23 19:48 - 2015-11-23 19:48 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Owner\Desktop\mbam-setup-2.2.0.1024 (1).exe
2015-11-23 19:22 - 2015-11-23 19:22 - 01419608 _____ C:\WINDOWS\system32\321.log
2015-11-23 19:21 - 2015-11-24 18:33 - 00000000 ____D C:\FRST
2015-11-23 19:21 - 2015-11-23 21:56 - 00000000 ____D C:\FRST-OlderVersion
2015-11-23 19:19 - 2015-11-23 19:19 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Owner\Desktop\mbam-setup-2.2.0.1024.exe
2015-11-23 19:17 - 2015-11-23 19:17 - 00000654 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to recuva.exe.lnk
2015-11-23 19:17 - 2015-04-08 11:23 - 03888920 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\recuva.exe
2015-11-23 19:00 - 2015-11-23 19:12 - 00000000 ____D C:\Program Files\Recuva
2015-11-23 18:45 - 2015-11-24 12:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet
2015-11-20 19:38 - 2015-11-20 20:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2015-11-20 11:15 - 2015-11-20 11:18 - 00000000 ____D C:\Program Files\Microsoft Photo Editor
2015-11-20 11:15 - 2015-11-20 11:15 - 00000693 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Photo Editor.lnk
2015-11-20 11:15 - 2015-11-20 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Photo Editor
2015-11-20 10:20 - 2015-11-20 10:20 - 00001978 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
2015-11-20 10:20 - 2015-11-20 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Small Business Tools
2015-11-20 10:18 - 2015-11-20 10:18 - 00000000 ____D C:\Program Files\Snapshot Viewer
2015-11-20 10:10 - 2015-11-21 20:03 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00002046 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00002030 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00001990 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
2015-11-20 10:10 - 2015-11-20 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
2015-11-20 10:09 - 2015-11-20 10:19 - 00000000 ____D C:\WINDOWS\ShellNew
2015-11-20 10:09 - 2015-11-20 10:09 - 00000000 ____D C:\Program Files\Common Files\Designer
2015-11-20 10:08 - 2015-11-20 10:19 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-27 20:33 - 2015-10-27 20:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-27 20:32 - 2015-10-27 20:32 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2015-10-27 20:32 - 2015-10-27 20:32 - 00000000 ____D C:\Program Files\QuickTime
2015-10-27 20:32 - 2015-10-27 20:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2015-10-27 20:19 - 2015-10-27 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple
2015-10-22 22:08 - 2015-10-22 22:09 - 00111307 _____ C:\Documents and Settings\Owner\My Documents\securedoc_20151022T130953.html
2015-10-21 20:16 - 2015-11-23 19:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Old Firefox Data
2015-10-02 20:29 - 2015-11-23 19:14 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\The Buckeye Hosteler
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-24 18:34 - 2008-11-01 13:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp
2015-11-24 17:44 - 2008-11-03 01:25 - 01831503 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 15:28 - 2012-02-08 22:51 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk
2015-11-24 15:28 - 2008-11-01 13:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 15:28 - 2008-10-31 19:11 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-11-24 15:28 - 2008-10-31 19:11 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-11-24 15:25 - 2008-11-01 13:21 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini
2015-11-24 15:25 - 2008-11-01 13:20 - 00032418 _____ C:\WINDOWS\SchedLgU.Txt
2015-11-24 04:05 - 2012-02-08 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData
2015-11-23 22:22 - 2008-11-02 22:04 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2015-11-23 22:14 - 2008-11-01 13:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-11-23 21:58 - 2013-04-28 02:02 - 00102376 ____C C:\WINDOWS\setupapi.log
2015-11-23 21:42 - 2008-11-04 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo!
2015-11-23 19:45 - 2015-03-03 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\QufpeTbexe
2015-11-23 19:43 - 2003-07-16 15:53 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-11-23 19:14 - 2015-01-04 14:37 - 00000000 ____D C:\Documents and Settings\Sara\Application Data\pdf995
2015-11-23 19:14 - 2014-12-16 21:27 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\3D Graffiti
2015-11-23 19:14 - 2014-09-12 15:58 - 00000000 ____D C:\Documents and Settings\Sara\Local Settings\Application Data\Google
2015-11-23 19:14 - 2014-09-12 15:58 - 00000000 ____D C:\Documents and Settings\Sara
2015-11-23 19:14 - 2014-05-09 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Mozilla
2015-11-23 19:14 - 2014-04-27 18:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google
2015-11-23 19:14 - 2013-11-19 20:52 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Girls on Bikes
2015-11-23 19:14 - 2013-05-04 23:51 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\D Drive stuff
2015-11-23 19:14 - 2012-07-18 21:48 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Divorce Stuff
2015-11-23 19:14 - 2012-07-17 21:44 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\CB250 Nighthawk Info
2015-11-23 19:14 - 2011-03-24 18:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes
2015-11-23 19:14 - 2010-12-13 22:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Stuff For Sale
2015-11-23 19:14 - 2010-07-11 00:36 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Scans
2015-11-23 19:14 - 2010-07-11 00:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HP
2015-11-23 19:14 - 2009-11-24 18:23 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Subaru_Legacy_Parts_manuals
2015-11-23 19:14 - 2009-04-05 14:47 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\pdf995
2015-11-23 19:14 - 2009-03-12 19:46 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\TaxCut
2015-11-23 19:14 - 2009-03-12 19:43 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\TaxCut
2015-11-23 19:14 - 2009-02-20 22:24 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Porn
2015-11-23 19:14 - 2009-01-31 21:54 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Symantec
2015-11-23 19:14 - 2008-12-07 11:59 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real
2015-11-23 19:14 - 2008-11-04 23:22 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Ahead
2015-11-23 19:14 - 2008-11-03 22:15 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adobe
2015-11-23 19:14 - 2008-11-02 23:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Earthlink
2015-11-23 19:14 - 2008-11-02 21:10 - 00000000 ____D C:\Documents and Settings\Steve
2015-11-23 19:14 - 2008-11-01 13:21 - 00000000 ____D C:\Documents and Settings\Owner
2015-11-23 19:14 - 2008-11-01 13:20 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-11-23 19:14 - 2008-11-01 13:11 - 00000000 __SHD C:\Documents and Settings\All Users\DRM
2015-11-23 19:13 - 2012-08-26 09:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2015-11-23 19:13 - 2011-03-24 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-11-23 19:13 - 2010-09-18 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\webroot
2015-11-23 19:13 - 2009-02-13 19:47 - 00000000 ____D C:\cabs
2015-11-23 19:13 - 2009-01-31 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2015-11-23 19:13 - 2008-11-08 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SBT
2015-11-23 19:13 - 2008-11-02 21:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Creative
2015-11-23 19:13 - 2008-11-01 13:17 - 00000000 ____D C:\DELL
2015-11-21 22:11 - 2008-11-05 20:18 - 00000000 ____D C:\Program Files\Microsoft Money
2015-11-20 12:21 - 2010-06-08 20:51 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Help
2015-11-20 12:21 - 2008-10-31 19:08 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-20 12:21 - 2008-10-31 19:03 - 00000000 ____D C:\WINDOWS\system
2015-11-20 10:20 - 2008-11-02 23:30 - 00000453 ____C C:\WINDOWS\ODBC.INI
2015-11-20 10:18 - 2008-11-01 13:17 - 00000000 ____D C:\Program Files\microsoft frontpage
2015-11-20 10:18 - 2008-11-01 13:10 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-20 10:10 - 2003-07-16 15:51 - 00000716 _____ C:\WINDOWS\win.ini
2015-11-20 10:09 - 2008-10-31 19:03 - 00000000 ____D C:\WINDOWS\Media
2015-11-20 08:16 - 2012-02-08 22:51 - 00172328 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2015-11-17 23:01 - 2008-11-01 13:43 - 00138240 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-16 22:45 - 2008-11-02 20:57 - 00373861 _____ C:\WINDOWS\wmsetup.log
2015-11-13 20:32 - 2013-08-15 02:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-13 20:08 - 2008-11-02 23:25 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-12 04:28 - 2014-04-27 18:26 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-11-10 19:32 - 2015-04-15 02:33 - 04699336 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-11-10 19:32 - 2012-04-25 20:54 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-11-10 19:32 - 2012-01-24 20:26 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-11-05 20:22 - 2011-11-01 20:36 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc
2015-11-03 22:15 - 2015-02-26 07:49 - 00025600 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-11-01 21:48 - 2008-10-31 19:08 - 00522814 ____C C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-28 21:30 - 2008-11-23 18:45 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Apple Computer
2015-10-28 21:28 - 2008-11-23 18:40 - 00000000 ____D C:\Program Files\Apple Software Update
2015-10-27 20:31 - 2008-11-23 18:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2015-10-27 20:19 - 2008-11-23 18:40 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
 
==================== Files in the root of some directories =======
 
2014-04-27 18:21 - 2014-04-27 18:21 - 0000000 ____C () C:\Program Files\GUM6F.tmp
2008-11-01 13:43 - 2015-11-17 23:01 - 0138240 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-11-05 19:08 - 2008-11-05 19:08 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
2015-06-29 22:04 - 2015-06-29 22:04 - 0000600 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND
2010-10-05 17:15 - 2010-11-01 19:14 - 0001940 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
 
Some files in TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Steve\Local Settings\Temp\BandooV3.exe
C:\Documents and Settings\Steve\Local Settings\Temp\flvplayer_setup.exe
C:\Documents and Settings\Steve\Local Settings\Temp\vlc-1.1.11-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-11-2015
Ran by Owner (2015-11-24 18:36:21)
Running from C:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2008-11-01 18:18:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-583907252-412668190-839522115-500 - Administrator - Enabled)
ASPNET (S-1-5-21-583907252-412668190-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-583907252-412668190-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-583907252-412668190-839522115-1000 - Limited - Disabled)
Owner (S-1-5-21-583907252-412668190-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Owner
Sara (S-1-5-21-583907252-412668190-839522115-1006 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Sara
Steve (S-1-5-21-583907252-412668190-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Steve
SUPPORT_388945a0 (S-1-5-21-583907252-412668190-839522115-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {D486329C-1488-4CEB-9CC8-D662B732D904}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1300 (Version: 5.31.1.27 - Hewlett-Packard) Hidden
1300_Help (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
1300Tour (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
1300Trb (Version: 5.31.1.27 -  Hewlett-Packard) Hidden
Access Drivers (Version: 2.8 - EarthLink) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AiO_Scan (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AIOMinimal (Version: 5.31.1.27 - Hewlett-Packard) Hidden
AiOSoftware (Version: 5.31.1.27 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B57Inst (Version: 3.40 - Broadcom) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
Broadcom Driver Installer (HKLM\...\InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}) (Version: 3.40 - Broadcom)
Copy (Version: 5.31.0.150 - Hewlett-Packard) Hidden
CreativeProjects (Version: 5.31.0.150 - Hewlett-Packard) Hidden
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Deal Info (Version: 2005.2.98.0 - EarthLink, Inc) Hidden
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Director (Version: 5.31.0.154 - Hewlett-Packard) Hidden
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.1 - DivX, Inc.)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.3.80 - DivX, LLC)
DocProc (Version: 3.1.0.0 - Hewlett-Packard) Hidden
EarthLink Accelerator (Version: 5.0.1.1054 - EarthLink, Inc.) Hidden
EarthLink Common Authentication (Version: 1.0.87.0 - ) Hidden
EarthLink FastLane (Version: 5.5.100.115 - EarthLink, Inc) Hidden
EarthLink MailBox (Version: 2005.2.15.0 - EarthLink, Inc.) Hidden
EarthLink Software (HKLM\...\EarthLink TotalAccess 2004) (Version: 2005.2.118.0 - )
EarthLink Spyware Blocker (Version: 2005.1.45.0 - EarthLink, Inc.) Hidden
EarthLink Toolbar (HKLM\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version: 2.2.59.0 - EarthLink, Inc.)
EarthLink Wireless High Speed (Version: 1.4.1221 - EarthLink, Inc) Hidden
Fax (Version: 5.31.2.31 - Hewlett-Packard) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
H&R Block Basic + Efile + State 2011 (HKLM\...\{70469C1D-DDF0-44A0-B873-9F28B354256C}) (Version: 11.03.7102 - HRB Technology, LLC.)
H&R Block Basic + Efile 2009 (HKLM\...\{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}) (Version: 09.02.6901 - HRB Technology, LLC.)
H&R Block Basic + Efile 2010 (HKLM\...\{FD2B3CFD-AFBD-4944-A79D-407CB3C24110}) (Version: 10.02.6301 - HRB Technology, LLC.)
H&R Block Basic + Efile 2012 (HKLM\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.02.7301 - HRB Technology, LLC.)
H&R Block Basic + Efile 2013 (HKLM\...\{FDF789BA-0A3F-45B1-AFC3-FB424AFEB3D0}) (Version: 13.02.6502 - HRB Technology, LLC.)
H&R Block Basic + Efile 2014 (HKLM\...\{EBE87539-2EE4-459C-BC74-F4F9D36A954B}) (Version: 14.02.7401 - HRB Technology, LLC.)
H&R Block Ohio 2011 (HKLM\...\{459D0CEE-BBAD-465D-A0BF-C7820085A050}) (Version: 1.11.4101 - HRB Technology, LLC.)
HP Photo & Imaging 3.1 (HKLM\...\HP Photo & Imaging) (Version: 3.1 - HP)
HP PSC & OfficeJet 3.0 (HKLM\...\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}) (Version: 3.0 - HP)
HP Software Update (HKLM\...\{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}) (Version: 1.0.18.20030625 - Hewlett-Packard)
HP Unload DLL Patch (HKLM\...\{595D0DE8-C38A-4432-B851-47DECC1A99BD}) (Version: 1.00.0000 - Hewlett-Packard)
hpmdtab (Version: 2.0.470.1598 - Hewlett-Packard) Hidden
HPSystemDiagnostics (Version: 1.5.0.0 - Your Company Name) Hidden
InstantShare (Version: 3.1.0.13 - Hewlett-Packard) Hidden
Intel® Extreme Graphics Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version:  - )
Logitech MouseWare 9.77  (HKLM\...\{5809E7CF-4DCF-11D4-9875-00105ACE7734}) (Version:  - )
Media Player Codec Pack 3.2.0 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack)
Memories Disc Creator 2.0 (HKLM\...\{2E132061-C78A-48D4-A899-1D13B9D189FA}) (Version: 2.0.470.1598 - Memories Disc Creator 2.0)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Money 2004 (HKLM\...\{1D643CD7-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.50 - Microsoft)
Microsoft Money 2004 System Pack (HKLM\...\{8C64E145-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.80 - Microsoft)
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Photo Editor (HKLM\...\Microsoft Photo Editor_is1) (Version:  - Microsoft, Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
Nero Suite (HKLM\...\NeroMultiInstaller!UninstallKey) (Version:  - )
Overland (Version: 1.76.0 - Hewlett-Packard) Hidden
overland (Version: 2.1.5 - HP) Hidden
Pdf995 (installed by TaxCut) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by TaxCut) (HKLM\...\PdfEdit995) (Version:  - )
PhotoGallery (Version: 5.31.0.158 - Hewlett-Packard) Hidden
PrintScreen (Version: 5.31.0.147 - Hewlett-Packard) Hidden
QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickProjects (Version: 5.31.0.147 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Readme (Version: 5.31.1.27 - Hewlett-Packard) Hidden
RealPlayer (HKLM\...\RealPlayer 6.0) (Version:  - RealNetworks)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Redistributed Files (Version: 2.0.46.0 - EarthLink, Inc.) Hidden
Scan (Version: 3.1.0.0 - Hewlett-Packard) Hidden
SkinsHP1 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
SkinsHP2 (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.50 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 6.5.0 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.80 - Sonic Solutions)
Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version:  - )
TaxCut Basic + Efile 2008 (HKLM\...\{D81FBA6E-5492-4C46-BAE3-3A9242C27210}) (Version: 08.03.7101 - H & R Block)
TaxCut Premium 2007 (HKLM\...\{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}) (Version: 07.03.0000 - H & R Block)
TotalAccess Core Applications (Version: 2005.2.118.0 - EarthLink, Inc.) Hidden
TrayApp (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Unload (Version: 3.1.0 - Hewlett-Packard) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 5.31.0.147 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM\...\WRUNINST) (Version: 9.0.6.18 - Webroot)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2003-07-16 15:29 - 2011-08-09 06:38 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2008-03-29 10:42 - 2008-03-29 10:42 - 00159744 _____ () C:\WINDOWS\system32\mmfinfo.dll
2008-03-29 10:41 - 2008-03-29 10:41 - 00023552 _____ () C:\WINDOWS\system32\mkunicode.dll
2008-11-06 23:34 - 2006-12-03 14:53 - 00126464 _____ () C:\Program Files\WinRAR\rarext.dll
2009-04-04 20:40 - 2009-04-04 20:40 - 00051716 _____ () C:\WINDOWS\system32\pdf995mon.dll
2003-08-11 03:07 - 2003-08-11 03:07 - 00565248 _____ () C:\WINDOWS\System32\hpotscl.dll
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2004-07-20 18:11 - 2004-07-20 18:11 - 00053248 _____ () C:\Program Files\EarthLink TotalAccess\zlib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_87e80eba-8d8b-4821-8b6e-ed336cba6a6a => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\ebay.com -> hxxp://my.ebay.com
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\ebaydesc.com -> hxxp://vi.vipr.ebaydesc.com
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\rubmw.ru -> hxxp://www.rubmw.ru
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\time.gov -> hxxp://www.time.gov
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\uploaded.net -> hxxp://uploaded.net
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\uploking.com -> hxxp://uploking.com
IE trusted site: HKU\S-1-5-21-583907252-412668190-839522115-1003\...\yahoo.com -> hxxp://us.mg1.mail.yahoo.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-583907252-412668190-839522115-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe] => Enabled:TaskPanl
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKit
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0004.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe] => Enabled:LogMeIn Rescue
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/23/2015 09:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner.exe, version 5.0.2.2, faulting module adwcleaner.exe, version 5.0.2.2, fault address 0x00021540.
Processing media-specific event for [adwcleaner.exe!ws!]
 
Error: (11/23/2015 09:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner.exe, version 5.0.2.2, faulting module adwcleaner.exe, version 5.0.2.2, fault address 0x00021540.
Processing media-specific event for [adwcleaner.exe!ws!]
 
Error: (11/23/2015 08:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 23.11.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/23/2015 08:08:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application FRST.exe, version 23.11.2015.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/23/2015 05:47:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application HRBlock2014.exe, version 2014.2.0.7401, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/22/2015 02:43:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/22/2015 02:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/20/2015 06:27:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/20/2015 04:28:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (11/20/2015 04:28:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (11/24/2015 03:28:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (11/24/2015 03:28:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Restore Filter Driver service failed to start due to the following error: 
%%3
 
Error: (11/24/2015 03:28:24 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (11/24/2015 03:28:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sr
 
Error: (11/24/2015 02:49:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The System Restore Service service terminated with the following error: 
%%2
 
Error: (11/24/2015 02:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The System Restore Filter Driver service failed to start due to the following error: 
%%3
 
Error: (11/24/2015 02:49:14 PM) (Source: SRService) (EventID: 104) (User: )
Description: The System Restore initialization process failed.
 
Error: (11/24/2015 02:49:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
sr
 
Error: (11/24/2015 02:38:09 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0
 
Error: (11/24/2015 02:04:01 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 765.9 MB
Available physical RAM: 333.29 MB
Total Virtual: 1877 MB
Available Virtual: 1479.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:38.25 GB) (Free:12.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Elements) (Fixed) (Total:465.73 GB) (Free:188.4 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 38.3 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=38.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#2
BillyJones8904


    New Member

  • Topic Starter
  • Member
  • 3 posts

It's been about 6-7 days without a reply. Anyone out there?



#3
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Hello BillyJones8904,

Welcome to Geekstogo.

Sorry about the delay.

There are signs of remote assistance showing in your logs. Before we start please tell me about that and if you wish to keep the program facilitating remote access to your machine.



#4
BillyJones8904


    New Member

  • Topic Starter
  • Member
  • 3 posts

> Hello BillyJones8904,
>
> Welcome to Geekstogo.
>
> Sorry about the delay.
>
> There are signs of remote assistance showing in your logs. Before we start please tell me about that and if you wish to keep the program facilitating remote access to your machine.

I have received remote assistance and I know this was occurring.


Edited by BillyJones8904, 07 December 2015 - 10:51 AM.


#5
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Okay, I assume that means the assistance has finished and there won't be a conflict with someone else helping at the same time.

 

Moving on

 

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
 

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods. This is normal; just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

When finished, it will produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

 

 

After that

 

Download CKScanner from here

Important: Save it to your desktop.

  • Double-click (Vista and above - right click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

So when you return please post

  • ComboFix.txt
  • CKFiles.txt


#6
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.







