Computer Errors with Thinkpad T60 running WXP sp3, 32 bit



#1
RAdeA


Hi, I'm having errors with my old portable, an IBM Thinkpad T60. I have WXP sp3, 32bit. I think the problems came after downloading something from the internet, but don't know where or what. I use Firefox only. I have an SSD. A month or two ago this machine worked perfectly for my purposes (email, browsing the net, using MS Office, and editing/recording music using Acid Pro, a digital audio workstation).

 

I don't use Windows Explorer or Chrome. I don't play games. I frequently download and edit/produce music (I am a musician by heart, but an economist by profession).

 

I religiously use (and update) CCleaner and Avira (free version). A few days ago I downloaded and installed Malwarebytes (now in the free trial period). Neither Avira nor Malwarebytes detects anything wrong. In the last few days I have seen many strange things. I downloaded and ran Combofix, but it did not resolve anything. I even tried to restore the system to an earlier date, but I could not (as there were no restore points to select!). Lastly, today I got a message saying:

 

The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741795. The system will now shut down and restart.

 

Curiously, the system did not shut down, but I did it out of caution (or ignorance!). I indeed could restart the computer w/o any problem, but now I suspect the computer must have something.

 

Today I joined geekstogo, downloaded and ran the FRST x 32bit tool. Here are the logs. Please let me know if you can spot what the problem(s) might be and how to resolve them.

Thanks very much for your time and effort.

 

================================== =========================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by PCUser (administrator) on THINKPAD (04-01-2016 14:40:47)
Running from C:\Documents and Settings\PCUser\Desktop
Loaded Profiles: PCUser &  (Available Profiles: PCUser)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files\Digidesign\Drivers\MMERefresh.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1725736 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2005-10-26] (Digidesign, A Division of Avid Technology, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [536576 2014-12-29] (Greenshot)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-04-05] (ATI Technologies Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6602152 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xvid] => C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-12-03] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-12-03] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 21 C:\Program Files\Avira\Antivirus\avsda.dll [507984 2015-12-03] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84B69FE4-790F-4D1D-8550-E14D95D26F10}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-796845957-1979792683-1417001333-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1320361535906
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PCUser\Application Data\Mozilla\Firefox\Profiles\2oyw1crd.default
FF DefaultSearchEngine: DuckDuckGo
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Documents and Settings\PCUser\Application Data\Mozilla\Firefox\Profiles\2oyw1crd.default\Extensions\[email protected] [2015-12-30]
FF Extension: Bluhell Firewall - C:\Documents and Settings\PCUser\Application Data\Mozilla\Firefox\Profiles\2oyw1crd.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2015-08-31]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-04] [not signed]

Chrome:
=======
CHR Profile: C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (No Name) - C:\Documents and Settings\PCUser\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc.exe [930944 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\AVWEBGRD.EXE [1222952 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 DigiRefresh; C:\Program Files\Digidesign\Drivers\MMERefresh.exe [61440 2005-10-26] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
S3 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [1552680 2007-06-25] (Nero AG)
S3 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ADIHdAudAddService; C:\WINDOWS\System32\drivers\ADIHdAud.sys [176128 2006-01-31] (Analog Devices, Inc.) [File not signed]
R3 AEAudio; C:\WINDOWS\System32\drivers\AEAudio.sys [152960 2005-06-07] (Andrea Electronics Corporation) [File not signed]
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [106968 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136272 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-12-03] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 dalwdmservice; C:\WINDOWS\System32\drivers\dalwdm.sys [105472 2005-10-26] (Digidesign, A Division of Avid Technology, Inc.) [File not signed]
R3 HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [209664 2006-12-21] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [988800 2006-12-21] (Conexant Systems, Inc.)
R4 InCDfs; C:\WINDOWS\System32\drivers\InCDFs.sys [119080 2007-06-25] (Nero AG)
R1 InCDPass; C:\WINDOWS\System32\drivers\InCDPass.sys [36776 2007-06-25] (Nero AG)
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [16040 2007-06-25] (Nero AG)
R1 incdrm; C:\WINDOWS\System32\drivers\InCDRm.sys [38440 2007-06-25] (Nero AG)
S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [35776 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2206976 2007-04-30] (Intel Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-12-03] (Avira Operations GmbH & Co. KG)
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [69920 2005-09-27] (PACE Anti-Piracy, Inc.) [File not signed]
S3 catchme; \??\C:\DOCUME~1\PCUser\LOCALS~1\Temp\catchme.sys [X]
S4 IntelIde; no ImagePath
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-04 14:40 - 2016-01-04 14:40 - 00017597 _____ C:\Documents and Settings\PCUser\Desktop\FRST.txt
2016-01-04 14:40 - 2016-01-04 14:40 - 00000000 ____D C:\FRST
2016-01-04 14:37 - 2016-01-04 14:37 - 01721856 _____ (Farbar) C:\Documents and Settings\PCUser\Desktop\FRST.exe
2016-01-04 11:09 - 2016-01-04 11:09 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\Avira
2016-01-04 10:28 - 2016-01-04 10:28 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Avira
2016-01-04 10:26 - 2015-12-03 15:25 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2016-01-04 10:26 - 2015-12-03 15:24 - 00136272 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-01-04 10:26 - 2015-12-03 15:24 - 00106968 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-01-04 10:26 - 2015-12-03 15:24 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-01-02 10:49 - 2016-01-02 10:49 - 00000866 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2016-01-02 00:17 - 2016-01-04 10:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-01-01 22:56 - 2016-01-04 14:25 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-01 22:55 - 2016-01-01 22:55 - 00000784 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-01 22:55 - 2016-01-01 22:55 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-01 22:55 - 2016-01-01 22:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-01 22:55 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-01 22:55 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-01 22:45 - 2016-01-04 14:40 - 00000000 ____D C:\Documents and Settings\PCUser\Local Settings\temp
2016-01-01 22:45 - 2016-01-01 22:45 - 00009261 _____ C:\ComboFix.txt
2016-01-01 22:45 - 2016-01-01 22:45 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-01-01 22:45 - 2016-01-01 22:45 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-01-01 22:41 - 2016-01-01 22:45 - 00000000 ____D C:\ComboFix
2015-12-30 09:44 - 2015-12-30 09:44 - 00000000 ____D C:\Documents and Settings\PCUser\Local Settings\Application Data\PCHealth
2015-12-29 22:11 - 2015-12-29 22:11 - 00000000 _RSHD C:\cmdcons
2015-12-29 22:11 - 2014-12-31 18:16 - 00000211 _____ C:\Boot.bak
2015-12-29 22:11 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr
2015-12-29 22:10 - 2011-06-26 01:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-12-29 22:10 - 2010-11-07 12:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-12-29 22:10 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-12-29 22:10 - 2000-08-30 19:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-12-29 22:08 - 2016-01-01 22:45 - 00000000 ____D C:\Qoobox
2015-12-29 22:07 - 2015-12-29 22:19 - 00000000 ____D C:\WINDOWS\erdnt
2015-12-29 19:55 - 2015-12-29 19:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-12-28 14:37 - 2015-12-28 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MyPhoneExplorer
2015-12-28 13:18 - 2015-12-28 13:18 - 00000000 ____D C:\Program Files\FFmpeg for Audacity
2015-12-28 10:02 - 2015-12-28 10:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-22 10:50 - 2015-12-22 10:50 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mp3tag
2015-12-17 17:45 - 2015-12-28 14:37 - 00001745 _____ C:\Documents and Settings\All Users\Desktop\MyPhoneExplorer.lnk
2015-12-17 17:45 - 2015-12-28 14:37 - 00000000 ____D C:\Program Files\MyPhoneExplorer
2015-12-16 16:00 - 2015-12-16 16:00 - 00241615 _____ C:\Documents and Settings\PCUser\My Documents\BBB coupon.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-04 14:40 - 2011-11-03 09:26 - 00000000 ____D C:\WINDOWS
2016-01-04 14:00 - 2014-11-19 18:47 - 00000224 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-04 14:00 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-04 13:11 - 2011-11-03 17:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-04 13:09 - 2015-01-29 13:08 - 01705682 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-796845957-1979792683-1417001333-1003-0.dat
2016-01-04 13:09 - 2015-01-29 13:08 - 00284634 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-01-04 13:09 - 2015-01-19 14:18 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt
2016-01-04 13:09 - 2014-12-14 14:32 - 00032526 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-04 13:09 - 2011-11-03 17:59 - 00000278 ___SH C:\Documents and Settings\PCUser\ntuser.ini
2016-01-04 13:08 - 2011-11-03 17:59 - 00000000 ____D C:\Documents and Settings\PCUser
2016-01-04 10:28 - 2014-11-30 00:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2016-01-04 10:26 - 2014-11-30 00:16 - 00000000 ____D C:\Program Files\Avira
2016-01-04 10:04 - 2012-12-06 21:30 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-04 00:31 - 2015-11-28 21:46 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\vlc
2016-01-03 22:30 - 2013-03-17 22:06 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\Audacity
2016-01-03 22:12 - 2014-11-23 13:15 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\Mp3tag
2016-01-03 21:50 - 2015-02-05 18:57 - 00000069 _____ C:\WINDOWS\NeroDigital.ini
2016-01-03 20:31 - 2014-12-31 18:36 - 00000000 ____D C:\Documents and Settings\PCUser\My Documents\Lyrics
2016-01-03 17:43 - 2011-11-03 17:57 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-01-02 12:55 - 2013-05-31 17:06 - 00000000 ____D C:\Documents and Settings\PCUser\My Documents\ACID Pro 7.0 Projects
2016-01-02 12:31 - 2011-11-03 17:59 - 00000000 ___RD C:\Documents and Settings\PCUser\My Documents
2016-01-02 12:13 - 2015-03-03 18:54 - 00000000 ____D C:\Documents and Settings\PCUser\Local Settings\Application Data\Greenshot
2016-01-02 10:54 - 2014-11-30 00:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-01-01 23:43 - 2015-10-13 08:48 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\MyPhoneExplorer
2016-01-01 23:06 - 2011-11-03 17:59 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-01-01 22:44 - 2008-04-14 07:00 - 00000227 _____ C:\WINDOWS\system.ini
2016-01-01 21:38 - 2012-04-01 16:25 - 00072608 _____ C:\Documents and Settings\PCUser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-01-01 21:36 - 2011-11-03 09:34 - 00272576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-01 19:19 - 2013-06-05 18:25 - 00000000 ____D C:\Program Files\CCleaner
2015-12-31 20:16 - 2011-11-03 17:59 - 00000000 ___RD C:\Documents and Settings\PCUser\My Documents\My Music
2015-12-30 00:18 - 2015-01-02 19:01 - 00000741 _____ C:\Documents and Settings\PCUser\Desktop\ThinkPad T60 - Software Inventory.txt
2015-12-29 22:11 - 2011-11-03 09:34 - 00000327 __RSH C:\boot.ini
2015-12-29 22:00 - 2013-10-20 09:49 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-29 22:00 - 2013-10-20 09:49 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-29 22:00 - 2013-10-20 09:48 - 00000000 ____D C:\Documents and Settings\PCUser\Local Settings\Application Data\Adobe
2015-12-29 18:49 - 2011-11-03 17:59 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-12-29 18:49 - 2011-11-03 17:57 - 00000178 ___SH C:\Documents and Settings\NetworkService\ntuser.ini
2015-12-29 14:06 - 2014-12-25 17:50 - 00000000 ____D C:\Documents and Settings\PCUser\Local Settings\Application Data\CutePDF Writer
2015-12-28 13:23 - 2015-04-02 09:42 - 00000000 ____D C:\Program Files\Rainlendar2
2015-12-28 13:21 - 2015-01-02 21:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-28 13:16 - 2013-03-17 22:06 - 00000695 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
2015-12-28 13:16 - 2013-03-17 22:06 - 00000000 ____D C:\Program Files\Audacity
2015-12-22 15:32 - 2015-10-06 09:37 - 00000000 ____D C:\Documents and Settings\PCUser\Application Data\Skype
2015-12-22 10:50 - 2014-11-18 18:05 - 00000661 _____ C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
2015-12-22 10:50 - 2014-11-18 18:05 - 00000000 ____D C:\Program Files\Mp3tag
2015-12-22 10:30 - 2015-10-06 09:37 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-12-21 15:28 - 2015-04-07 11:32 - 00014357 _____ C:\Documents and Settings\PCUser\Desktop\Fondos.xlsx
2015-12-21 09:05 - 2013-06-05 18:25 - 00000689 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-12-10 09:07 - 2015-01-19 11:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-12-09 17:33 - 2014-12-14 14:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 17:26 - 2011-11-03 18:29 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 17:46 - 2011-11-03 17:59 - 00000000 ___RD C:\Documents and Settings\PCUser\My Documents\My Pictures
2015-12-08 15:00 - 2014-11-19 18:47 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job

==================== Files in the root of some directories =======

2013-06-09 19:03 - 2015-11-29 14:06 - 0044032 _____ () C:\Documents and Settings\PCUser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-13 11:03 - 2015-02-13 11:03 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini
2014-12-24 19:21 - 2014-12-25 12:30 - 0002908 _____ () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2015-08-17 13:20 - 2015-08-17 19:15 - 0003118 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
C:\Documents and Settings\PCUser\Local Settings\temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by PCUser (2016-01-04 14:41:21)
Running from C:\Documents and Settings\PCUser\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2011-11-03 22:56:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-796845957-1979792683-1417001333-500 - Administrator - Enabled)
ASPNET (S-1-5-21-796845957-1979792683-1417001333-1004 - Limited - Enabled)
Guest (S-1-5-21-796845957-1979792683-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-796845957-1979792683-1417001333-1000 - Limited - Disabled)
PCUser (S-1-5-21-796845957-1979792683-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\PCUser
SUPPORT_388945a0 (S-1-5-21-796845957-1979792683-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACID Pro 7.0 (HKLM\...\{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}) (Version: 7.0.713 - Sony)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Antares Microphone Modeler 1.31 DirectX (HKLM\...\Antares Microphone Modeler 1.31 DirectX) (Version:  - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.362-070405a-046310C-Lenovo - )
aTube Catcher version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.0 (HKLM\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
AxCrypt 1.7.3156.0 (HKLM\...\{DB066768-5A50-4C44-815B-4E8A6A39335E}) (Version: 1.7.3156.0 - Axantum Software AB)
BBE Sonic Maximizer Plugin (HKLM\...\BBE Sonic Maximizer Plugin) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Digidesign Audio Drivers 7.0 (HKLM\...\{9F1D8E17-2AE6-4608-901D-42146D7D9C68}) (Version: 7.0 - Digidesign, A Division of Avid Technology, Inc.)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
EZdrummer (HKLM\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.2 - Toontrack)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Greenshot 1.2.4.10 (HKLM\...\Greenshot_is1) (Version: 1.2.4.10 - Greenshot)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{8EAB4100-B343-41AE-A880-418746998209}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® PRO Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
InterLok Driver Kit (HKLM\...\{1A24F9E8-009D-40FC-ABED-2AAFFAB0F4F0}) (Version: 5.3.0.2339 - PACE Anti-Piracy)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
LightScribe System Software  1.17.90.1 (HKLM\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version:  - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Mp3tag v2.73 (HKLM\...\Mp3tag) (Version: v2.73 - Florian Heidenreich)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
Nero 7 Essentials (HKLM\...\{8E72B982-D54F-486F-B35A-C24B6F171033}) (Version: 7.03.0581 - Nero AG)
PDF Split And Merge Basic (HKLM\...\{9A40D2F8-9458-458B-95E3-B57797C574E1}) (Version: 2.2.4 - Andrea Vacondio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sibelius v1.4 - OxYGeN (HKLM\...\Sibelius v1.4 - OxYGeN) (Version:  - )
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - )
Update 4.0.3 for Microsoft .NET Framework 4 Client Profile (KB2600211) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600211) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waves Audio Processors 3.2 (HKLM\...\Waves Audio Processors 3.2) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WMPCDText 1.4 (HKLM\...\{CE4CAD46-3F3F-4248-B0F2-6B0FAFBE40B1}_is1) (Version: 1.4 - BM-productions)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-25 17:48 - 2013-10-23 15:23 - 00089136 _____ () C:\WINDOWS\system32\cpwmon2k.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 07:00 - 2015-12-29 22:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-796845957-1979792683-1417001333-1003\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-796845957-1979792683-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Disabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe] => :LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe] => :LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe] => :LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe] => :LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe] => :LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600)
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe] => :LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\MyPhoneExplorer\MyPhoneExplorer.exe] => Enabled:MyPhoneExplorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

06-10-2015 14:23:37 System Checkpoint
07-10-2015 15:52:13 System Checkpoint
11-10-2015 19:05:37 System Checkpoint
14-10-2015 12:09:56 System Checkpoint
14-10-2015 15:55:59 Software Distribution Service 3.0
19-10-2015 12:17:12 System Checkpoint
23-10-2015 11:43:09 System Checkpoint
28-10-2015 12:04:32 System Checkpoint
02-11-2015 10:43:55 System Checkpoint
03-11-2015 10:44:04 System Checkpoint
04-11-2015 10:52:00 System Checkpoint
05-11-2015 13:34:26 Removed iTunes
10-11-2015 10:07:27 System Checkpoint
11-11-2015 16:48:13 Software Distribution Service 3.0
22-11-2015 18:49:10 Removed Apple Software Update
22-11-2015 18:49:25 Removed Apple Mobile Device Support
22-11-2015 18:50:07 Removed Apple Application Support (32-bit)
22-11-2015 18:51:11 Removed Epson Customer Participation
22-11-2015 18:51:31 Removed Epson Event Manager
24-11-2015 12:24:12 System Checkpoint
28-11-2015 20:07:16 Removed QuickTime 7
28-11-2015 20:08:27 Removed Bonjour
28-11-2015 20:14:44 Removed Software Updater
30-11-2015 11:30:52 System Checkpoint
02-12-2015 13:11:21 System Checkpoint
03-12-2015 13:48:12 System Checkpoint
07-12-2015 15:08:05 System Checkpoint
09-12-2015 17:26:10 Software Distribution Service 3.0
10-12-2015 09:06:48 Software Distribution Service 3.0
11-12-2015 13:00:51 System Checkpoint
14-12-2015 12:34:20 System Checkpoint
17-12-2015 13:12:05 System Checkpoint
25-12-2015 15:15:18 System Checkpoint
28-12-2015 11:30:29 System Checkpoint
01-01-2016 17:32:09 System Checkpoint
03-01-2016 17:43:12 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Intel® PRO/Wireless 3945ABG Network Connection
Description: Intel® PRO/Wireless 3945ABG Network Connection
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: NETw4x32
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2016 12:59:56 PM) (Source: Userenv) (EventID: 1007) (User: NT AUTHORITY)
Description: Windows cannot determine the associated site for this computer. (The RPC server is unavailable. ). Group Policy processing aborted.

Error: (01/04/2016 12:59:21 PM) (Source: Winlogon) (EventID: 1015) (User: )
Description: A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code c000001d.  The machine
must now be restarted.

Error: (01/02/2016 12:37:05 AM) (Source: Avira File Signature Verification) (EventID: 0) (User: )
Description: WinVerifyTrust failed with error code 2148098064 (last error: -2146869232) for file C:\Documents and Settings\All Users\Application Data\Avira\My Avira\Temp\avira_antivirus_en-us.exe

Error: (01/02/2016 12:37:05 AM) (Source: Avira File Signature Verification) (EventID: 0) (User: )
Description: WinVerifyTrust failed with error code 2148098064 (last error: -2146869232) for file C:\Documents and Settings\All Users\Application Data\Avira\My Avira\Temp\avira_antivirus_en-us.exe

Error: (01/02/2016 12:33:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamservice.exe, version 3.2.19.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00010913.
Processing media-specific event for [mbamservice.exe!ws!]

Error: (01/01/2016 11:07:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avira.oe.setup.bundle.exe, version 1.1.25.25607, faulting module wixstdba.dll, version 3.8.2210.0, fault address 0x00005652.
Processing media-specific event for [avira.oe.setup.bundle.exe!ws!]

Error: (01/01/2016 11:06:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avira.oe.setup.bundle.exe, version 1.1.25.25607, faulting module wintrust.dll, version 5.131.2600.6285, fault address 0x0000c643.
Processing media-specific event for [avira.oe.setup.bundle.exe!ws!]

Error: (01/01/2016 10:55:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avira_en_av_5681116299__ws.exe, version 1.1.25.25607, faulting module wixstdba.dll, version 3.8.2210.0, fault address 0x00005652.
Processing media-specific event for [avira_en_av_5681116299__ws.exe!ws!]

Error: (01/01/2016 10:54:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avira_en_av_5681116299__ws.exe, version 1.1.25.25607, faulting module wixstdba.dll, version 3.8.2210.0, fault address 0x00005652.
Processing media-specific event for [avira_en_av_5681116299__ws.exe!ws!]

Error: (01/01/2016 10:41:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Greenshot.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:


System errors:
=============
Error: (01/04/2016 09:43:03 AM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 10000050, parameter1 ffffff78, parameter2 00000000, parameter3 80551211, parameter4 00000000.

Error: (01/03/2016 07:28:01 PM) (Source: 0) (EventID: 55) (User: )
Description: D:

Error: (01/03/2016 05:10:18 PM) (Source: PlugPlayManager) (EventID: 12) (User: )
Description: The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0) disappeared from the system without first being prepared for removal.

Error: (01/03/2016 05:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (01/02/2016 12:27:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Parallel port driver service failed to start due to the following error:
%%1058

Error: (01/02/2016 12:26:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Sony\ACID Pro 7.0\sfapprw.dll.
Reference error message: The operation completed successfully.
.

Error: (01/02/2016 12:26:31 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : A name was started with an invalid character.
1" on line Manifest Parse Error : A name was started with an invalid character.
2.

Error: (01/02/2016 12:24:04 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Sony\ACID Pro 7.0\sfapprw.dll.
Reference error message: The operation completed successfully.
.

Error: (01/02/2016 12:24:04 PM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : A name was started with an invalid character.
1" on line Manifest Parse Error : A name was started with an invalid character.
2.

Error: (01/02/2016 12:23:55 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Sony\ACID Pro 7.0\sfapprw.dll.
Reference error message: The operation completed successfully.
.


==================== Memory info ===========================

Processor: Genuine Intel® CPU T2400 @ 1.83GHz
Percentage of memory in use: 28%
Total physical RAM: 3070.42 MB
Available physical RAM: 2198.99 MB
Total Virtual: 4960.81 MB
Available Virtual: 3948.48 MB

==================== Drives ================================

Drive c: ( System) (Fixed) (Total:101.59 GB) (Free:25.34 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:375.34 GB) (Free:210.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 476.9 GB) (Disk ID: E2FD9787)
Partition 1: (Not Active) - (Size=375.3 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=101.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 




#2
RKinner

    Malware Expert

  • Expert
  • 20,009 posts
  • MVP
 
Download BlueScreenView
 
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.
 
Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
Reboot. 
 
The disk check will run and will probably take an hour or more to finish.
 
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.
 
Close all browsers and open programs before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, about 10 lines down.)  Save the file and close Notepad.  Attach the file to your next post, as it is usually too large for the forum (click on More Reply Options, then Choose file, select the file, Open, Attach this File).  Uninstall Speccy.
 
 
