Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dell Inspiron 510 m Laptop running very poorly on Windows XP Pro


  • Please log in to reply

#1
dowsp

dowsp

    Member

  • Member
  • PipPipPip
  • 486 posts

Hi, I have a Dell Inspiron 510 M laptop that had a replaced 2nd hand hard drive about 3 years ago and it runs on Windows XP pro.

 

It is a system that  I have got well used to and don't really want to change. As I have tried some newer systems and had many issues with them in both a new learning curve and sometimes getting annoying things occur with them.

 

So I would like t try to continue running this old one if I can.

 

My problem at the moment is my computers running very poorly, and slow.when on the internet.

 

I am sometimes able to run it when using upto 10 to 20 webpages depending what Im running..such as videos or visiting  long loading website/s.. but other days it can hardly run at all..

 

sites like this are often difficult to browse as I often get the loading spiraling image on the webpage

that shows it is having a problem loading and opening the webpage..Im on Wifi.

But then its hard to scroll the webpage and easily click on to the next part of the 16 part pages within the website topic....Its a lot harder if I have several other pages open or if I have been online for sometime..

 

The longer I have been online the slower my computer runs..even when I later only have a few or even one wepages open.

 

 

http://www.lifed.com...ld-never-eat/16

 

sometimes playing youtube videos can also be slow and poor quality..

 

It sometimes locks up after a certain time. and scrolling certain webpages is very delayed or slow..

sometimes it seems I have to wait some many seconds or maybe a minute before I can scroll certain websites pages....and I sometimes have a problem selecting certain things like in my email lists where I try to select one email to open but the computer seems to jump somehow to the one above or below...after I scrolled to the initial email trying to select it....and it opens the one either side above or below it..

 

I have managed to run a few antivirus programs but so far only found a few viruses..that I cannot recall as that was a few weeks ago.

 

They were Avira and Malwarebytes..but sometimes they seemed to run very slow.

In the past sometimes I found it was spyware that was the problem and not a virus..

 

So I tried running Spybot....BUT again I have a problem running that...It will not run as it should for a general scan.. and I am only able to run it via selecting certain folders / files.

Ive so far ran it on the windows system 32 folder but it did not find anything and that took a very long time to run...It wont even run the full windows folder when I last tried ..and it seems to select much more files that a FULL normal std scan...

 

I had Eset smart security 7  on my system on a free trial sometime ago but it ran out.. and I tried to remove it and somehow its left part of it on my system that I am unable to remove and it at times seems to work in one way or another..that I think may still create a problem.. but when I had the free trial it did work very well and found things other programs did not.

 

For some reason I have a problem sometimes trying to open up yahoo.com

 

here are the two logs that I created ..as requested ..

 

I wonder if anyone maybe able to help me please..I would be most greatful.

 

Many thanks in advance.

 

Cheers Dowspx

 

=================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (15-03-2016 07:07:08)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] [2016-02-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
S0 cerc6; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 06:38 - 2016-03-15 06:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Cornwall.txt
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 17:08 - 2016-03-13 14:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Things to do March 11th 2016.txt
2016-03-12 03:43 - 2016-03-12 03:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\S dou.txt
2016-03-11 03:07 - 2016-03-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Facebook
2016-03-10 18:23 - 2016-03-10 18:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Chris C Refund attempt
2016-03-10 06:21 - 2016-03-10 06:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 05:15 - 2016-03-10 05:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Dont ask dont tell.bmp
2016-03-10 02:19 - 2016-03-10 02:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Populations
2016-03-09 06:08 - 2016-03-09 06:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Co Street 3.bmp
2016-03-09 06:07 - 2016-03-09 06:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C Street 2.bmp
2016-03-09 06:06 - 2016-03-09 06:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 06:03 - 2016-03-09 06:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C Street.bmp
2016-03-06 21:08 - 2016-03-06 21:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 03:37 - 2016-03-06 03:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\G mobile
2016-03-06 03:35 - 2016-03-09 20:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nik H
2016-03-06 02:43 - 2016-03-06 02:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\AttendeeViewerImage001.bmp
2016-03-05 21:19 - 2016-03-14 13:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-09 03:03 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-05 21:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-03-05 21:18 - 2016-03-05 21:18 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-05 21:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-03-03 22:52 - 2016-03-03 22:52 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2016-03-03 08:03 - 2016-03-03 08:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\Computer wipe Harddrive.txt
2016-03-03 07:09 - 2016-03-03 07:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\M U ms Mar to May 16.txt
2016-03-03 03:19 - 2016-03-14 13:54 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 00:06 - 2016-03-03 00:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\George K.txt
2016-03-03 00:01 - 2016-03-03 00:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\George K.bmp
2016-03-01 09:50 - 2016-03-01 09:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dl moon sun.bmp
2016-02-29 01:45 - 2016-02-29 01:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Holly w.bmp
2016-02-26 12:54 - 2016-02-26 12:54 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C A.bmp
2016-02-25 21:42 - 2016-02-25 21:42 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\VIRUS SPYBOT detection Feb 23rd 16 at 2100 hrs.bmp
2016-02-25 19:21 - 2016-02-25 19:21 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2016-02-25 19:14 - 2016-02-25 19:14 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\List of AV programs.bmp
2016-02-21 17:08 - 2016-02-21 17:08 - 00000108 _____ C:\Documents and Settings\Administrator\My Documents\groseries.txt
2016-02-17 23:26 - 2016-02-17 23:28 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\OW.bmp
2016-02-17 01:01 - 2016-02-18 02:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\James M
2016-02-16 11:51 - 2016-02-16 11:51 - 00006236 _____ C:\Documents and Settings\Administrator\My Documents\wl app.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 07:11 - 2013-11-27 15:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-15 07:07 - 2015-05-13 00:47 - 00000000 ____D C:\FRST
2016-03-15 07:03 - 2014-02-11 02:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-15 06:47 - 2014-03-27 19:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-15 06:38 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-15 06:20 - 2013-12-01 02:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 06:19 - 2014-04-14 14:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-15 06:17 - 2015-06-01 13:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-15 04:17 - 2013-11-27 15:23 - 00032360 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-14 20:20 - 2013-12-01 02:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 16:53 - 2015-03-11 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Home
2016-03-14 13:47 - 2013-12-15 03:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-14 13:47 - 2013-11-27 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 11:51 - 2014-02-10 23:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-14 11:49 - 2013-11-27 15:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-14 11:37 - 2015-10-27 16:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\B Ideas
2016-03-13 15:13 - 2014-02-23 00:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-13 13:51 - 2014-03-14 22:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 07:56 - 2015-07-02 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Talk  T
2016-03-10 23:45 - 2015-10-08 00:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-10 18:20 - 2015-08-20 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\N yahoo account
2016-03-10 17:52 - 2016-01-29 20:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Chris C
2016-03-10 01:03 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-03-09 18:34 - 2015-06-22 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Laptop Computer
2016-03-07 15:07 - 2015-03-07 14:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-06 21:10 - 2014-02-11 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 21:08 - 2016-02-05 00:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 21:08 - 2014-02-11 02:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 08:38 - 2015-02-17 07:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-03-05 21:19 - 2015-05-07 22:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-05 21:17 - 2015-05-07 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-03-05 20:04 - 2015-05-12 20:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-04 00:12 - 2015-05-05 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-03-03 22:51 - 2016-01-02 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-03-02 05:14 - 2015-03-12 00:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-02-29 20:25 - 2014-08-30 00:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Alex S
2016-02-28 16:22 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-27 04:14 - 2016-02-02 22:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Health
2016-02-20 22:04 - 2013-12-01 02:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-20 22:04 - 2013-12-01 02:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-02-20 15:52 - 2013-11-27 14:24 - 00000000 ___HD C:\WINDOWS\inf
2016-02-18 22:15 - 2016-02-11 03:10 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-02-15 21:43 - 2015-07-12 01:17 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Greece
2016-02-14 04:38 - 2015-07-02 23:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mc case
 
==================== Files in the root of some directories =======
 
2013-11-30 14:22 - 2013-11-30 14:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-11 23:14 - 2015-05-11 23:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
============================================================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-15 07:12:49)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Avira Launcher (HKLM\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-05 21:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-05 21:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-14 22:20 - 2004-03-29 12:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 22:20 - 2004-03-29 15:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2016-03-05 21:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-14 22:20 - 2004-03-29 15:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 22:20 - 2004-03-29 15:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 22:20 - 2004-03-29 15:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 22:20 - 2004-03-29 15:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 22:20 - 2004-03-10 11:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 15:34 - 2014-02-14 15:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-04-12 10:36 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 10:36 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
 
==================== Restore Points =========================
 
12-11-2015 16:12:54 System Checkpoint
15-11-2015 21:36:55 System Checkpoint
16-11-2015 22:53:49 System Checkpoint
20-11-2015 04:12:20 System Checkpoint
21-11-2015 05:17:11 System Checkpoint
22-11-2015 05:26:41 System Checkpoint
24-11-2015 04:07:29 System Checkpoint
25-11-2015 04:22:14 System Checkpoint
26-11-2015 04:26:12 System Checkpoint
27-11-2015 21:13:51 System Checkpoint
28-11-2015 22:27:34 System Checkpoint
30-11-2015 02:24:35 System Checkpoint
01-12-2015 02:46:29 System Checkpoint
02-12-2015 05:18:43 System Checkpoint
03-12-2015 21:53:17 System Checkpoint
05-12-2015 04:38:28 System Checkpoint
07-12-2015 14:40:36 System Checkpoint
08-12-2015 20:58:08 System Checkpoint
09-12-2015 22:19:35 System Checkpoint
14-12-2015 09:23:04 System Checkpoint
20-12-2015 03:43:41 System Checkpoint
21-12-2015 13:45:18 System Checkpoint
26-12-2015 22:40:34 System Checkpoint
28-12-2015 02:45:32 System Checkpoint
01-01-2016 07:21:43 System Checkpoint
03-01-2016 04:08:13 System Checkpoint
11-01-2016 21:12:44 System Checkpoint
13-01-2016 05:28:06 System Checkpoint
15-01-2016 05:53:57 System Checkpoint
21-01-2016 14:14:55 System Checkpoint
27-01-2016 17:49:40 System Checkpoint
04-02-2016 20:25:21 Removed Skype™ 7.18
04-02-2016 22:51:10 Installed Windows Internet Explorer 8.
05-02-2016 00:17:25 Installed Skype™ 6.14
08-02-2016 07:26:00 System Checkpoint
10-02-2016 06:42:04 System Checkpoint
19-02-2016 08:01:33 System Checkpoint
23-02-2016 00:25:17 System Checkpoint
03-03-2016 07:34:42 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/12/2016 03:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/11/2016 07:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/06/2016 02:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/05/2016 09:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/26/2016 04:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
 
Error: (02/26/2016 04:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2016 06:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (3404) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (02/04/2016 10:36:06 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (03/14/2016 11:51:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/14/2016 11:41:19 AM) (Source: DCOM) (EventID: 10010) (User: NBS-30B3685D369)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/13/2016 10:12:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error: 
%%1053
 
Error: (03/13/2016 10:12:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
 
Error: (03/13/2016 10:09:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ESET Service service hung on starting.
 
Error: (03/13/2016 10:08:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 40%
Total physical RAM: 2046.21 MB
Available physical RAM: 1207.91 MB
Total Virtual: 3896.75 MB
Available Virtual: 3043.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:14.57 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by dowsp, 14 March 2016 - 12:18 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
 
Have you defragged the hard drive recently?  XP does not do it automatically and after a few years it really needs it.
 
 
 
 

What make and model is this?

 

 

 

Uninstall:

 

Spybot - Search & Destroy

 

It's not going to help.

 

 

 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As,(to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.
 
Run a new FRST scan with Addition.txt checked after uninstalling Spybot and post both logs.
 
 
 
 

  • 0

#3
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

Thank you for your prompt reply R.K...

 

I will follow what you say..

 

Do you think it best to defrag 1st before running the AV programs etc ?

 

This is the details of my laptop and software.

 

Dell Inspiron 510 M laptop that had a replaced 2nd hand hard drive about 3 years ago and it runs on Windows XP pro. service pack 3  version 2002.

 

I just uploaded Speccy...But I am not clear what I am supposed to do with it..

 

I was thinking it was an antivirus program ?  but it seems its something that gives a lot of info about the computer.

 

I was unsure what I am to do if I am to operate it.. I cannot see the  (the little icon in the bottom left will stop moving)

 

but I can now see there is something under file view options above and was able to select the save text file option and I have found and removed the serial number under operating system..and I post it as a notepad attachment.


Edited by dowsp, 15 March 2016 - 06:06 AM.

  • 0

#4
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

Here is a copy of the text file.

 

I thought that I had sent it as an attachment, but when I posted its not shown on the main thread we are on..

 

unless it has gone direct to you so no one else can download it..


Edited by dowsp, 15 March 2016 - 06:13 AM.

  • 0

#5
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

Here is the Live Sysinter txt file..

 

Hope that I have done this correct..

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 56.44 0 K 16 K 0
Avira.ServiceHost.exe 17.82 123,604 K 19,584 K 240 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
lsass.exe 8.91 3,960 K 4,352 K 1324 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3.96 17,300 K 21,944 K 1616 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3.96 2,936 K 3,184 K 1476 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 1.98 1,740 K 2,972 K 1312 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Interrupts 1.98 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 0.99 5,212 K 9,532 K 5220 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 0.99 7,808 K 4,508 K 1268 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
procexp.exe 0.99 15,296 K 22,996 K 3412 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe 0.99 14,744 K 19,236 K 1972 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 0.99 53,280 K 62,880 K 4192 Google Chrome Google Inc. (Verified) Google Inc
wscntfy.exe 520 K 1,392 K 2784 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 1,736 K 4,796 K 5252 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 212 K 4
svchost.exe 2,384 K 2,864 K 1948 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,796 K 2,920 K 1580 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,292 K 1,892 K 1656 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,768 K 2,676 K 1808 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 6,232 K 6,280 K 1988 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,208 K 2,524 K 916 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,420 K 1,860 K 2140 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe 3,148 K 3,744 K 488 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Speccy.exe 17,472 K 4,440 K 172 Speccy Piriform Ltd (Verified) Piriform Ltd
smss.exe 168 K 276 K 1116 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Skype.exe 89,676 K 88,528 K 1500 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
KiesTrayAgent.exe 4,032 K 5,984 K 1128 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
Kies.exe 36,984 K 24,596 K 1236 Kies Samsung (Verified) Samsung Electronics CO.
GoogleCrashHandler.exe 1,788 K 480 K 684 Google Crash Handler Google Inc. (Verified) Google Inc
ekrn.exe 22,900 K 13,940 K 972 ESET Service ESET (Verified) ESET
egui.exe 6,212 K 7,708 K 1168 ESET Main GUI ESET (Verified) ESET
dlbtbmon.exe 3,348 K 2,772 K 1200 Dell Dell 922 Button Monitor (No signature was present in the subject) 
dlbtbmgr.exe 604 K 1,468 K 1148 Dell Dell 922 Button Manager (No signature was present in the subject) 
ctfmon.exe 816 K 1,972 K 1216 CTF Loader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,584 K 2,904 K 1240 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 90,732 K 43,440 K 4688 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,764 K 3,244 K 4472 Google Chrome Google Inc. (Verified) Google Inc
alg.exe 1,048 K 1,784 K 2052 Application Layer Gateway Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

  • 0

#6
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

Here is the next FRST and Additional scan txt results..

 

----------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (16-03-2016 13:25:06)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\My Documents\Downloads\procexp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST (2).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] [2016-02-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R3 cpuz138; C:\Documents and Settings\Administrator\Local Settings\Temp\cpuz138\cpuz138_x32.sys [27832 2016-03-16] (CPUID)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
S0 cerc6; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 13:10 - 2016-03-16 13:10 - 00004630 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2016-03-16 12:30 - 2016-03-16 12:47 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Snapshot s
2016-03-16 12:30 - 2016-03-16 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\spe
2016-03-16 12:30 - 2016-03-16 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\pe
2016-03-16 12:20 - 2016-03-16 12:20 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-16 12:20 - 2016-03-16 12:20 - 00000000 ____D C:\Program Files\Speccy
2016-03-16 12:20 - 2016-03-16 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-03-15 14:20 - 2016-03-15 20:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\T
2016-03-15 07:17 - 2016-03-16 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Geeks2go
2016-03-15 06:38 - 2016-03-15 06:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Co.txt
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 17:08 - 2016-03-13 14:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Thi.txt
2016-03-12 03:43 - 2016-03-12 03:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\Sh.txt
2016-03-11 03:07 - 2016-03-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\F
2016-03-10 18:23 - 2016-03-15 20:11 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ch
2016-03-10 06:21 - 2016-03-10 06:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 05:15 - 2016-03-10 05:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Do
2016-03-10 02:19 - 2016-03-10 02:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Populations
2016-03-09 06:08 - 2016-03-09 06:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cos.bmp
2016-03-09 06:07 - 2016-03-09 06:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Coss 2.bmp
2016-03-09 06:06 - 2016-03-09 06:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 06:03 - 2016-03-09 06:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cost.bmp
2016-03-06 21:08 - 2016-03-06 21:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 03:37 - 2016-03-06 03:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Go 
2016-03-06 03:35 - 2016-03-09 20:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nh
2016-03-06 02:43 - 2016-03-06 02:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\AttendeeViewerImage001.bmp
2016-03-03 22:52 - 2016-03-03 22:52 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2016-03-03 08:03 - 2016-03-03 08:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\Computer wipe Harddrive.txt
2016-03-03 07:09 - 2016-03-03 07:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\Man .txt
2016-03-03 03:19 - 2016-03-16 03:50 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 00:06 - 2016-03-03 00:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\Geo.txt
2016-03-03 00:01 - 2016-03-03 00:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Geok.bmp
2016-03-01 09:50 - 2016-03-01 09:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dm.bmp
2016-02-29 01:45 - 2016-02-29 01:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw.bmp
2016-02-26 12:54 - 2016-02-26 12:54 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Ca.bmp
2016-02-25 21:42 - 2016-02-25 21:42 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\VIRUS SPYBOT detection Feb 23rd 16 at 2100 hrs.bmp
2016-02-25 19:21 - 2016-02-25 19:21 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2016-02-25 19:14 - 2016-02-25 19:14 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\List of AV programs.bmp
2016-02-21 17:08 - 2016-02-21 17:08 - 00000108 _____ C:\Documents and Settings\Administrator\My Documents\groseries.txt
2016-02-17 23:26 - 2016-02-17 23:28 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Owsg.bmp
2016-02-17 01:01 - 2016-02-18 02:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Jm
2016-02-16 11:51 - 2016-02-16 11:51 - 00006236 _____ C:\Documents and Settings\Administrator\My Doclw.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 13:26 - 2013-11-27 15:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-16 13:25 - 2015-05-13 00:47 - 00000000 ____D C:\FRST
2016-03-16 13:20 - 2013-12-01 02:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 13:19 - 2014-04-14 14:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-16 13:12 - 2014-02-11 02:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-16 12:47 - 2014-03-27 19:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-16 12:30 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-16 12:20 - 2013-11-27 15:23 - 00032418 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-16 12:17 - 2015-06-01 13:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-16 07:50 - 2015-03-07 14:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-16 03:48 - 2015-05-07 22:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-16 03:48 - 2013-12-15 03:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-16 03:48 - 2013-12-01 02:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 03:48 - 2013-11-27 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-16 03:45 - 2014-02-23 00:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-16 03:45 - 2014-02-10 23:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-16 03:43 - 2013-11-27 15:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-16 03:42 - 2015-05-12 20:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-16 03:41 - 2013-12-01 02:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-16 03:41 - 2013-12-01 02:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-15 07:36 - 2016-02-02 22:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Health
2016-03-14 16:53 - 2015-03-11 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Home
2016-03-14 11:37 - 2015-10-27 16:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\BI
2016-03-13 13:51 - 2014-03-14 22:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 07:56 - 2015-07-02 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ta
2016-03-10 23:45 - 2015-10-08 00:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-10 18:20 - 2015-08-20 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nl
2016-03-10 17:52 - 2016-01-29 20:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Cc
2016-03-10 01:03 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-03-09 18:34 - 2015-06-22 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Laptop Computer
2016-03-06 21:10 - 2014-02-11 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 21:08 - 2016-02-05 00:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 21:08 - 2014-02-11 02:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 08:38 - 2015-02-17 07:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mum
2016-03-05 21:17 - 2015-05-07 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-03-04 00:12 - 2015-05-05 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-03-03 22:51 - 2016-01-02 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-03-02 05:14 - 2015-03-12 00:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-02-29 20:25 - 2014-08-30 00:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\As
2016-02-28 16:22 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-20 15:52 - 2013-11-27 14:24 - 00000000 ___HD C:\WINDOWS\inf
2016-02-18 22:15 - 2016-02-11 03:10 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mb
2016-02-15 21:43 - 2015-07-12 01:17 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Grce
 
==================== Files in the root of some directories =======
 
2013-11-30 14:22 - 2013-11-30 14:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-11 23:14 - 2015-05-11 23:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
================================================================================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-16 13:26:40)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Avira Launcher (HKLM\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-14 22:20 - 2004-03-29 12:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 22:20 - 2004-03-29 15:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2014-03-14 22:20 - 2004-03-29 15:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 22:20 - 2004-03-29 15:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 22:20 - 2004-03-29 15:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 22:20 - 2004-03-29 15:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 22:20 - 2004-03-10 11:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 15:34 - 2014-02-14 15:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-14 22:20 - 2004-03-29 12:45 - 00059392 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTUI5C.DLL
2014-03-14 22:20 - 2004-03-29 12:47 - 00287232 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTSTRN.DLL
2014-03-14 22:20 - 2004-03-25 18:59 - 00561152 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTPRP.DLL
2014-03-14 22:20 - 2004-03-25 18:53 - 00401408 _____ () C:\WINDOWS\system32\DLBTutil.dll
2014-03-14 22:20 - 2004-03-25 19:06 - 02080768 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbtprpr.dll
2016-03-11 02:54 - 2016-03-08 12:16 - 17541312 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
 
==================== Restore Points =========================
 
12-11-2015 16:12:54 System Checkpoint
15-11-2015 21:36:55 System Checkpoint
16-11-2015 22:53:49 System Checkpoint
20-11-2015 04:12:20 System Checkpoint
21-11-2015 05:17:11 System Checkpoint
22-11-2015 05:26:41 System Checkpoint
24-11-2015 04:07:29 System Checkpoint
25-11-2015 04:22:14 System Checkpoint
26-11-2015 04:26:12 System Checkpoint
27-11-2015 21:13:51 System Checkpoint
28-11-2015 22:27:34 System Checkpoint
30-11-2015 02:24:35 System Checkpoint
01-12-2015 02:46:29 System Checkpoint
02-12-2015 05:18:43 System Checkpoint
03-12-2015 21:53:17 System Checkpoint
05-12-2015 04:38:28 System Checkpoint
07-12-2015 14:40:36 System Checkpoint
08-12-2015 20:58:08 System Checkpoint
09-12-2015 22:19:35 System Checkpoint
14-12-2015 09:23:04 System Checkpoint
20-12-2015 03:43:41 System Checkpoint
21-12-2015 13:45:18 System Checkpoint
26-12-2015 22:40:34 System Checkpoint
28-12-2015 02:45:32 System Checkpoint
01-01-2016 07:21:43 System Checkpoint
03-01-2016 04:08:13 System Checkpoint
11-01-2016 21:12:44 System Checkpoint
13-01-2016 05:28:06 System Checkpoint
15-01-2016 05:53:57 System Checkpoint
21-01-2016 14:14:55 System Checkpoint
27-01-2016 17:49:40 System Checkpoint
04-02-2016 20:25:21 Removed Skype™ 7.18
04-02-2016 22:51:10 Installed Windows Internet Explorer 8.
05-02-2016 00:17:25 Installed Skype™ 6.14
08-02-2016 07:26:00 System Checkpoint
10-02-2016 06:42:04 System Checkpoint
19-02-2016 08:01:33 System Checkpoint
23-02-2016 00:25:17 System Checkpoint
03-03-2016 07:34:42 System Checkpoint
16-03-2016 01:12:34 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2016 07:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application egui.exe, version 7.0.317.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [egui.exe!ws!]
 
Error: (03/12/2016 03:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/11/2016 07:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/06/2016 02:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/05/2016 09:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/26/2016 04:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
 
Error: (02/26/2016 04:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2016 06:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (3404) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (03/16/2016 03:50:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ESET Service service hung on starting.
 
Error: (03/16/2016 03:45:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/15/2016 12:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/15/2016 12:04:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/15/2016 07:45:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/15/2016 07:42:16 AM) (Source: DCOM) (EventID: 10010) (User: NBS-30B3685D369)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 37%
Total physical RAM: 2046.21 MB
Available physical RAM: 1285.81 MB
Total Virtual: 3896.75 MB
Available Virtual: 3055.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:14.27 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#7
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

 

 
Have you defragged the hard drive recently?  XP does not do it automatically and after a few years it really needs it.
 
 
 
 

What make and model is this?

 

 

 

Uninstall:

 

Spybot - Search & Destroy

 

It's not going to help.

 

 

 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As,(to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.
 
Run a new FRST scan with Addition.txt checked after uninstalling Spybot and post both logs.
 
 
 
 

 

 

 

Its a few days since there was any reply, I  wonder if  anyone could advise on the logs that I posted.  I am not sure if the process that I have gone thru actually included any virus , malware or spyware scans or if I Stilll need to do one with some other recommended program ?


Edited by dowsp, 21 March 2016 - 03:49 PM.

  • 0

#8
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

I just want to add some further comments.

 

Unfortunately I have not as yet had any further reply.

 

but I just have had my computer crash 3 times ..and it seemes to be when I was trying to access yahoo email.

 

I have been able to access online on 3 prior  occasions , but when it came to opening yahoo... thats when it  crashed.

 

I am now back onine a 4th time and tried just opening other webpages and so far I have been ok ...

 

So whether its something wrong with yahoo or I have a major problem..I am not sure..

 

If I have a virus or malware spyware, I wonder what AV program that I should try..


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

Sorry for the delay but I didn't get a notification.

 

You need to uninstall

 

Avira Launcher (You have ESET and don't need or want a second antivirus)  Your Process Explorer log shows Avira is eating up CPU time
Spybot - Search & Destroy (Worthless - just slows you down)

 

Still waiting on the speccy log.  To Attach a file is a multi-step process. 

 

1.  Click More Reply Options Then- scroll down to the active window

2.  Click Browse

3.  Point it at your file then Click Open

4. Click  Attach This File

 

Once you post the log, uninstall Speccy.(and Avira and Spybot)

 

Then make a new Process Explorer log and post it as before.

 

 

 


  • 0

#10
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

I am trying again to attach the specy  log file...

 

I dont know why it did not attach last time I tried ..(I was not sure if it may had gone direct to you rather than on the forum)

 

With regards to Avira....I had deleted the main file and didnt realise that the set up launcher  would cause me such a problem.

 

With Eset...I had a free trial with it some time ago and thought later I had deleted it... BUT it seems It is still on my system and wont remove... yet its not showing in my add / remove programs in control panel.

 

As far as I know with eset... when I had the free trial it did find things other AV programs did not find..

 

but after the free trial ended.. I THINK that I was able to attempt to remove it in add and remove programs in control panel..

if, I did... as I say, ... it still shows on my system..and there is an icon for it on my lower left bar..where the clock is..

 

it some how seems stuburn and wont remove and there is NO uninstall if I place my mouse on the icon..

 

HAVING SAID ALL THAT..I add this as an edit....I have found ESET when I go into Start- Programs..It is shown in programs..and there is an uninstall option....When I click on the uninstall..I get this messgae..

 

Windows Installer...This action is only valid for Products that are currently installed..

 

So it suggest its not installed , yet it is shown in programs and as an icon on my lower left.

 

There are other options in programs for Eset..one being system rescue...I wonder if it maybe possible to restore then try to uninstall again..

 

Another thing that I find with some AV programs is they seem to fill my screen but  the page is too big and I am unable to access certain options....and I am not able to reduce the page magnification size..

 

 

 

I think I did delete spybot..

 

Do I need to rerun specy... The copy I am sending now is the one I saved from last time I ran  it and thought that i had posed it.

 

I have never seen a prorgam show such a large amount of info.

 

 

I will recheck again  in my add and remove programs to check what I have  or can delete..

 

Can I ask is there a program that I can run that deletes more temp files...I say this as I used one prorgma once in the past and it deleted temp files that I did not know I had and that did not delete in the normal delete temp files process.

 

I will post the other log hopefully shortly..if not in the next 30 mins ...by Tomorrow.

Attached Files


Edited by dowsp, 26 March 2016 - 05:05 PM.

  • 0

Advertisements


#11
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

Process Explorer log

 

------------------------------------------------------------

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.00 0 K 16 K 0
Interrupts 5.00 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 3.00 18,412 K 29,120 K 1624 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 3.00 1,804 K 4,664 K 1312 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 2.00 78,460 K 94,200 K 2228 Google Chrome Google Inc. (Verified) Google Inc
wmiprvse.exe 1.00 4,976 K 9,312 K 2112 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1.00 1,824 K 4,232 K 1588 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Speccy.exe 1.00 17,228 K 4,392 K 3752 Speccy Piriform Ltd (Verified) Piriform Ltd
wscntfy.exe 520 K 2,256 K 2628 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
WPFFontCache_v0400.exe 864 K 3,116 K 2824 wpffontcache_v0400.exe Microsoft Corporation (Verified) Microsoft Corporation
wmiprvse.exe 1,924 K 5,536 K 3724 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 7,388 K 4,952 K 1268 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 212 K 4
svchost.exe 2,888 K 4,672 K 1480 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,292 K 3,208 K 1664 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,364 K 3,580 K 1808 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 6,432 K 9,108 K 108 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,204 K 3,612 K 1168 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,296 K 4,076 K 528 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,420 K 3,236 K 3816 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 3,144 K 5,304 K 500 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 164 K 372 K 1116 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Skype.exe 90,264 K 100,156 K 912 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
procexp.exe 13,880 K 6,968 K 712 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
lsass.exe 3,796 K 1,112 K 1332 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
KiesTrayAgent.exe 4,012 K 9,948 K 740 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
Kies.exe 36,996 K 37,912 K 828 Kies Samsung (Verified) Samsung Electronics CO.
GoogleCrashHandler.exe 1,788 K 524 K 1336 Google Crash Handler Google Inc. (Verified) Google Inc
explorer.exe 15,208 K 24,640 K 2036 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ekrn.exe 22,048 K 20,900 K 116 ESET Service ESET (Verified) ESET
egui.exe 5,940 K 3,920 K 764 ESET Main GUI ESET (Verified) ESET
dlbtbmon.exe 3,348 K 4,676 K 876 Dell Dell 922 Button Monitor (No signature was present in the subject) 
dlbtbmgr.exe 604 K 2,388 K 748 Dell Dell 922 Button Manager (No signature was present in the subject) 
ctfmon.exe 812 K 3,140 K 820 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 1,532 K 5,388 K 1240 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 114,172 K 52,608 K 2448 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,768 K 3,240 K 2440 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 78,840 K 83,428 K 1164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 16,632 K 13,880 K 2588 Google Chrome Google Inc. (Verified) Google Inc
alg.exe 1,068 K 3,392 K 3756 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   7.91KB   64 downloads
 
Run FRST and press Fix
A fix log will be generated please post that 
 
You need a new driver for your graphics/video:
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 

 

 

I expect this line from Process Explorer is so high because of the bad driver:
 
Interrupts 5.00 0 K 0 K n/a Hardware Interrupts and DPCs

 

 

Normally it should be under 1.5.

 

I would look on Dell's site and see if they have a driver for it.  If not you can get one from Intel:

 

https://downloadcent...Windows-XP-exe-

 

Run a new FRST scan with Addition.txt checked and post both logs.

 

Run a new process explorer log after you update the driver.

 

 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  The second time you run VEW it will overwrite the first log so copy it to a Reply or rename it first.
 

 

 


  • 0

#13
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

On trying to clear ALL events 

Event Viewer asks do I want to save system before clearing it ?  Not sure about if I save or not..when I opt "Not" nothing seemed to happen..but file was only 512 KB , now showing 64 KB...Application also showing 512 KB...I assume this also will ask if I want to save..

 

 

 

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 

 

I did do TWO Frst scans and I have two frst downloads...in my downloads folder  FRST (1).exe     FRST (2).exe

 

When downloading Fixlist to same location as FRST..BOTH initially are downloads and go into Download folder...BUT I had saved Past  FRST txt log into a created folder that I called Geeks2go within "My Documents" and I have then created another folder within that called ("F1) because I wanted to separate them from other save files in that folder..so that if I have to select them together in one folder ..they will be together..BUT as I say these are just the Txt Files..(.FRST.Txt and Fixlist.Txt).

 

So do you mean that I should save my fixlist.txt file just into my downloads folder or into the same documents or directory folder where I saved the Frst Txt Files ?   ie My Documents\Geeks2go\F1

 

 

When I try to run the download FRST again and click fix...I get a message "No Fixlist Text Found...There is a seach option..I tried to search for my Folder / Files...I tried this and got a msg saying " Frst txt is saved in same directory.it created a search txt file.So I try and then click fix in Frst as you indicated ..but it does nothing..or will not run..as I get no Fixlist txt file found and msg saying must be within same directory.

 

Do I need to save Frst Download into my  (Geeks2go within "My Documents")

 

otherwise I am unsure what to do..

 

 

Download the attached fixlist.txt to the same location as FRST

 

Run FRST and press Fix
A fix log will be generated please post that 

Edited by dowsp, 27 March 2016 - 08:21 AM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,016 posts
  • MVP

We don't want to save the old events.

 

Download the attached fixlist.txt to the same location as FRST.exe.  

Once you run FRST, Fix once it will delete the fixlist.txt file


  • 0

#15
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 486 posts

We don't want to save the old events.

 

Download the attached fixlist.txt to the same location as FRST.exe.  

Once you run FRST, Fix once it will delete the fixlist.txt file

 

 

I am just adding this message in...I tried to download Frst again and then click fix..and it seems to have started the process now....I was thinking that I could use my previous download, but maybe I needed to download again to get it to work....I hope to post the log if it works..

 

=================================

 

The files are saved in my CHROME download Folder.

 

When I downloaded FRST.EXE and fixlist.txt... they Both went into the chrome download Folder..

 

but when I try to run FRST.EXE  and click fix... I am still getting this message..

 

No Fixlist.txt found

 

see my attachment

 

Do I need to save them in another folder that is different to my chrome download

Attached Thumbnails

  • Frst and fixlist files.GIF

Edited by dowsp, 27 March 2016 - 09:24 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP