
Dell Inspiron 510 m Laptop running very poorly on Windows XP Pro



#1
dowsp


Hi, I have a Dell Inspiron 510 M laptop that had a replaced 2nd hand hard drive about 3 years ago and it runs on Windows XP Pro.

It is a system that I have got well used to and don't really want to change, as I have tried some newer systems and had many issues with them, both in a new learning curve and sometimes getting annoying things occur with them.

So I would like to try to continue running this old one if I can.

My problem at the moment is my computer's running very poorly, and slow when on the internet.

I am sometimes able to run it when using up to 10 to 20 webpages depending what I'm running, such as videos or visiting long-loading websites, but other days it can hardly run at all.

Sites like this are often difficult to browse as I often get the loading spiraling image on the webpage that shows it is having a problem loading and opening the webpage. I'm on WiFi.

But then it's hard to scroll the webpage and easily click on to the next part of the 16 part pages within the website topic. It's a lot harder if I have several other pages open or if I have been online for some time.

The longer I have been online the slower my computer runs, even when I later only have a few or even one webpage open.

http://www.lifed.com...ld-never-eat/16


Sometimes playing YouTube videos can also be slow and poor quality.

It sometimes locks up after a certain time, and scrolling certain webpages is very delayed or slow.

Sometimes it seems I have to wait many seconds or maybe a minute before I can scroll certain website pages, and I sometimes have a problem selecting certain things, like in my email lists where I try to select one email to open but the computer seems to jump somehow to the one above or below after I scrolled to the initial email trying to select it, and it opens the one either side, above or below it.

I have managed to run a few antivirus programs but so far only found a few viruses that I cannot recall, as that was a few weeks ago.

They were Avira and Malwarebytes, but sometimes they seemed to run very slow.

In the past sometimes I found it was spyware that was the problem and not a virus.

So I tried running Spybot, BUT again I have a problem running that. It will not run as it should for a general scan, and I am only able to run it via selecting certain folders / files.

I've so far run it on the Windows system 32 folder but it did not find anything and that took a very long time to run. It won't even run the full Windows folder when I last tried, and it seems to select much more files than a FULL normal std scan.

I had Eset smart security 7 on my system on a free trial some time ago but it ran out, and I tried to remove it and somehow it's left part of it on my system that I am unable to remove, and it at times seems to work in one way or another, that I think may still create a problem. But when I had the free trial it did work very well and found things other programs did not.

For some reason I have a problem sometimes trying to open up yahoo.com

Here are the two logs that I created, as requested.

I wonder if anyone may be able to help me please. I would be most grateful.

Many thanks in advance.

Cheers Dowspx


=================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (15-03-2016 07:07:08)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] [2016-02-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
S0 cerc6; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 06:38 - 2016-03-15 06:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Cornwall.txt
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 17:08 - 2016-03-13 14:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Things to do March 11th 2016.txt
2016-03-12 03:43 - 2016-03-12 03:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\S dou.txt
2016-03-11 03:07 - 2016-03-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Facebook
2016-03-10 18:23 - 2016-03-10 18:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Chris C Refund attempt
2016-03-10 06:21 - 2016-03-10 06:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 05:15 - 2016-03-10 05:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Dont ask dont tell.bmp
2016-03-10 02:19 - 2016-03-10 02:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Populations
2016-03-09 06:08 - 2016-03-09 06:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Co Street 3.bmp
2016-03-09 06:07 - 2016-03-09 06:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C Street 2.bmp
2016-03-09 06:06 - 2016-03-09 06:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 06:03 - 2016-03-09 06:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C Street.bmp
2016-03-06 21:08 - 2016-03-06 21:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 03:37 - 2016-03-06 03:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\G mobile
2016-03-06 03:35 - 2016-03-09 20:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nik H
2016-03-06 02:43 - 2016-03-06 02:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\AttendeeViewerImage001.bmp
2016-03-05 21:19 - 2016-03-14 13:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-09 03:03 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-05 21:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-03-05 21:18 - 2016-03-05 21:18 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-05 21:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-03-03 22:52 - 2016-03-03 22:52 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2016-03-03 08:03 - 2016-03-03 08:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\Computer wipe Harddrive.txt
2016-03-03 07:09 - 2016-03-03 07:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\M U ms Mar to May 16.txt
2016-03-03 03:19 - 2016-03-14 13:54 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 00:06 - 2016-03-03 00:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\George K.txt
2016-03-03 00:01 - 2016-03-03 00:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\George K.bmp
2016-03-01 09:50 - 2016-03-01 09:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dl moon sun.bmp
2016-02-29 01:45 - 2016-02-29 01:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Holly w.bmp
2016-02-26 12:54 - 2016-02-26 12:54 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\C A.bmp
2016-02-25 21:42 - 2016-02-25 21:42 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\VIRUS SPYBOT detection Feb 23rd 16 at 2100 hrs.bmp
2016-02-25 19:21 - 2016-02-25 19:21 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2016-02-25 19:14 - 2016-02-25 19:14 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\List of AV programs.bmp
2016-02-21 17:08 - 2016-02-21 17:08 - 00000108 _____ C:\Documents and Settings\Administrator\My Documents\groseries.txt
2016-02-17 23:26 - 2016-02-17 23:28 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\OW.bmp
2016-02-17 01:01 - 2016-02-18 02:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\James M
2016-02-16 11:51 - 2016-02-16 11:51 - 00006236 _____ C:\Documents and Settings\Administrator\My Documents\wl app.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-15 07:11 - 2013-11-27 15:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-15 07:07 - 2015-05-13 00:47 - 00000000 ____D C:\FRST
2016-03-15 07:03 - 2014-02-11 02:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-15 06:47 - 2014-03-27 19:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-15 06:38 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-15 06:20 - 2013-12-01 02:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 06:19 - 2014-04-14 14:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-15 06:17 - 2015-06-01 13:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-15 04:17 - 2013-11-27 15:23 - 00032360 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-14 20:20 - 2013-12-01 02:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 16:53 - 2015-03-11 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Home
2016-03-14 13:47 - 2013-12-15 03:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-14 13:47 - 2013-11-27 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-14 11:51 - 2014-02-10 23:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-14 11:49 - 2013-11-27 15:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-14 11:37 - 2015-10-27 16:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\B Ideas
2016-03-13 15:13 - 2014-02-23 00:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-13 13:51 - 2014-03-14 22:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 07:56 - 2015-07-02 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Talk  T
2016-03-10 23:45 - 2015-10-08 00:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-10 18:20 - 2015-08-20 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\N yahoo account
2016-03-10 17:52 - 2016-01-29 20:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Chris C
2016-03-10 01:03 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-03-09 18:34 - 2015-06-22 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Laptop Computer
2016-03-07 15:07 - 2015-03-07 14:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-06 21:10 - 2014-02-11 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 21:08 - 2016-02-05 00:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 21:08 - 2014-02-11 02:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 08:38 - 2015-02-17 07:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-03-05 21:19 - 2015-05-07 22:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-05 21:17 - 2015-05-07 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-03-05 20:04 - 2015-05-12 20:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-04 00:12 - 2015-05-05 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-03-03 22:51 - 2016-01-02 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-03-02 05:14 - 2015-03-12 00:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-02-29 20:25 - 2014-08-30 00:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Alex S
2016-02-28 16:22 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-27 04:14 - 2016-02-02 22:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Health
2016-02-20 22:04 - 2013-12-01 02:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-20 22:04 - 2013-12-01 02:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-02-20 15:52 - 2013-11-27 14:24 - 00000000 ___HD C:\WINDOWS\inf
2016-02-18 22:15 - 2016-02-11 03:10 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-02-15 21:43 - 2015-07-12 01:17 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Greece
2016-02-14 04:38 - 2015-07-02 23:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mc case
 
==================== Files in the root of some directories =======
 
2013-11-30 14:22 - 2013-11-30 14:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-11 23:14 - 2015-05-11 23:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
============================================================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-15 07:12:49)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Avira Launcher (HKLM\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-05 21:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-05 21:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-14 22:20 - 2004-03-29 12:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 22:20 - 2004-03-29 15:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2016-03-05 21:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-14 22:20 - 2004-03-29 15:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 22:20 - 2004-03-29 15:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 22:20 - 2004-03-29 15:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 22:20 - 2004-03-29 15:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 22:20 - 2004-03-10 11:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 15:34 - 2014-02-14 15:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-04-12 10:36 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 10:36 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
 
==================== Restore Points =========================
 
12-11-2015 16:12:54 System Checkpoint
15-11-2015 21:36:55 System Checkpoint
16-11-2015 22:53:49 System Checkpoint
20-11-2015 04:12:20 System Checkpoint
21-11-2015 05:17:11 System Checkpoint
22-11-2015 05:26:41 System Checkpoint
24-11-2015 04:07:29 System Checkpoint
25-11-2015 04:22:14 System Checkpoint
26-11-2015 04:26:12 System Checkpoint
27-11-2015 21:13:51 System Checkpoint
28-11-2015 22:27:34 System Checkpoint
30-11-2015 02:24:35 System Checkpoint
01-12-2015 02:46:29 System Checkpoint
02-12-2015 05:18:43 System Checkpoint
03-12-2015 21:53:17 System Checkpoint
05-12-2015 04:38:28 System Checkpoint
07-12-2015 14:40:36 System Checkpoint
08-12-2015 20:58:08 System Checkpoint
09-12-2015 22:19:35 System Checkpoint
14-12-2015 09:23:04 System Checkpoint
20-12-2015 03:43:41 System Checkpoint
21-12-2015 13:45:18 System Checkpoint
26-12-2015 22:40:34 System Checkpoint
28-12-2015 02:45:32 System Checkpoint
01-01-2016 07:21:43 System Checkpoint
03-01-2016 04:08:13 System Checkpoint
11-01-2016 21:12:44 System Checkpoint
13-01-2016 05:28:06 System Checkpoint
15-01-2016 05:53:57 System Checkpoint
21-01-2016 14:14:55 System Checkpoint
27-01-2016 17:49:40 System Checkpoint
04-02-2016 20:25:21 Removed Skype™ 7.18
04-02-2016 22:51:10 Installed Windows Internet Explorer 8.
05-02-2016 00:17:25 Installed Skype™ 6.14
08-02-2016 07:26:00 System Checkpoint
10-02-2016 06:42:04 System Checkpoint
19-02-2016 08:01:33 System Checkpoint
23-02-2016 00:25:17 System Checkpoint
03-03-2016 07:34:42 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/12/2016 03:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/11/2016 07:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/06/2016 02:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/05/2016 09:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/26/2016 04:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
 
Error: (02/26/2016 04:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2016 06:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (3404) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (02/04/2016 10:36:06 PM) (Source: Userenv) (EventID: 1041) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
 
System errors:
=============
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (03/14/2016 11:51:09 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/14/2016 11:41:19 AM) (Source: DCOM) (EventID: 10010) (User: NBS-30B3685D369)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/13/2016 10:12:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HTTP SSL service failed to start due to the following error: 
%%1053
 
Error: (03/13/2016 10:12:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
 
Error: (03/13/2016 10:09:55 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ESET Service service hung on starting.
 
Error: (03/13/2016 10:08:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 40%
Total physical RAM: 2046.21 MB
Available physical RAM: 1207.91 MB
Total Virtual: 3896.75 MB
Available Virtual: 3043.22 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:14.57 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by dowsp, 14 March 2016 - 12:18 PM.



#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
 
Have you defragged the hard drive recently?  XP does not do it automatically and after a few years it really needs it.

What make and model is this?

Uninstall:

Spybot - Search & Destroy

It's not going to help.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As (to your desktop), Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.

Run a new FRST scan with Addition.txt checked after uninstalling Spybot and post both logs.
 
 
 
 


#3
dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

Thank you for your prompt reply R.K...

I will follow what you say..

Do you think it best to defrag 1st before running the AV programs etc?

These are the details of my laptop and software.

Dell Inspiron 510 M laptop that had a replaced 2nd hand hard drive about 3 years ago and it runs on Windows XP Pro, Service Pack 3, version 2002.

I just uploaded Speccy... But I am not clear what I am supposed to do with it..

I was thinking it was an antivirus program? But it seems it's something that gives a lot of info about the computer.

I was unsure what I am to do if I am to operate it.. I cannot see the (the little icon in the bottom left will stop moving)

but I can now see there is something under file view options above and was able to select the save text file option and I have found and removed the serial number under operating system.. and I post it as a notepad attachment.


Edited by dowsp, 15 March 2016 - 06:06 AM.


#4
dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

Here is a copy of the text file.

I thought that I had sent it as an attachment, but when I posted it's not shown on the main thread we are on..

unless it has gone direct to you so no one else can download it..


Edited by dowsp, 15 March 2016 - 06:13 AM.


#5
dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

Here is the Live Sysinter txt file..

 

Hope that I have done this correct..

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 56.44 0 K 16 K 0
Avira.ServiceHost.exe 17.82 123,604 K 19,584 K 240 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
lsass.exe 8.91 3,960 K 4,352 K 1324 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 3.96 17,300 K 21,944 K 1616 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3.96 2,936 K 3,184 K 1476 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
services.exe 1.98 1,740 K 2,972 K 1312 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Interrupts 1.98 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 0.99 5,212 K 9,532 K 5220 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 0.99 7,808 K 4,508 K 1268 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
procexp.exe 0.99 15,296 K 22,996 K 3412 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
explorer.exe 0.99 14,744 K 19,236 K 1972 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 0.99 53,280 K 62,880 K 4192 Google Chrome Google Inc. (Verified) Google Inc
wscntfy.exe 520 K 1,392 K 2784 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 1,736 K 4,796 K 5252 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 212 K 4
svchost.exe 2,384 K 2,864 K 1948 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,796 K 2,920 K 1580 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,292 K 1,892 K 1656 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,768 K 2,676 K 1808 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 6,232 K 6,280 K 1988 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,208 K 2,524 K 916 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,420 K 1,860 K 2140 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe 3,148 K 3,744 K 488 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
Speccy.exe 17,472 K 4,440 K 172 Speccy Piriform Ltd (Verified) Piriform Ltd
smss.exe 168 K 276 K 1116 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Skype.exe 89,676 K 88,528 K 1500 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
KiesTrayAgent.exe 4,032 K 5,984 K 1128 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
Kies.exe 36,984 K 24,596 K 1236 Kies Samsung (Verified) Samsung Electronics CO.
GoogleCrashHandler.exe 1,788 K 480 K 684 Google Crash Handler Google Inc. (Verified) Google Inc
ekrn.exe 22,900 K 13,940 K 972 ESET Service ESET (Verified) ESET
egui.exe 6,212 K 7,708 K 1168 ESET Main GUI ESET (Verified) ESET
dlbtbmon.exe 3,348 K 2,772 K 1200 Dell Dell 922 Button Monitor (No signature was present in the subject) 
dlbtbmgr.exe 604 K 1,468 K 1148 Dell Dell 922 Button Manager (No signature was present in the subject) 
ctfmon.exe 816 K 1,972 K 1216 CTF Loader Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
csrss.exe 1,584 K 2,904 K 1240 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 90,732 K 43,440 K 4688 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,764 K 3,244 K 4472 Google Chrome Google Inc. (Verified) Google Inc
alg.exe 1,048 K 1,784 K 2052 Application Layer Gateway Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation


#6
dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

Here is the next FRST and Additional scan txt results..

 

----------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (16-03-2016 13:25:06)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\My Documents\Downloads\procexp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Documents and Settings\Administrator\My Documents\Downloads\FRST (2).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] [2016-02-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R3 cpuz138; C:\Documents and Settings\Administrator\Local Settings\Temp\cpuz138\cpuz138_x32.sys [27832 2016-03-16] (CPUID)
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
S0 cerc6; no ImagePath
U1 WS2IFSL; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 13:10 - 2016-03-16 13:10 - 00004630 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2016-03-16 12:30 - 2016-03-16 12:47 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Snapshot s
2016-03-16 12:30 - 2016-03-16 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\spe
2016-03-16 12:30 - 2016-03-16 12:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\pe
2016-03-16 12:20 - 2016-03-16 12:20 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-16 12:20 - 2016-03-16 12:20 - 00000000 ____D C:\Program Files\Speccy
2016-03-16 12:20 - 2016-03-16 12:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-03-15 14:20 - 2016-03-15 20:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\T
2016-03-15 07:17 - 2016-03-16 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Geeks2go
2016-03-15 06:38 - 2016-03-15 06:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Co.txt
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 07:43 - 2016-03-13 07:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 17:08 - 2016-03-13 14:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Thi.txt
2016-03-12 03:43 - 2016-03-12 03:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\Sh.txt
2016-03-11 03:07 - 2016-03-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\F
2016-03-10 18:23 - 2016-03-15 20:11 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ch
2016-03-10 06:21 - 2016-03-10 06:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 05:15 - 2016-03-10 05:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Do
2016-03-10 02:19 - 2016-03-10 02:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Populations
2016-03-09 06:08 - 2016-03-09 06:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cos.bmp
2016-03-09 06:07 - 2016-03-09 06:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Coss 2.bmp
2016-03-09 06:06 - 2016-03-09 06:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 06:03 - 2016-03-09 06:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cost.bmp
2016-03-06 21:08 - 2016-03-06 21:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 21:08 - 2016-03-06 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 03:37 - 2016-03-06 03:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Go 
2016-03-06 03:35 - 2016-03-09 20:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nh
2016-03-06 02:43 - 2016-03-06 02:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\AttendeeViewerImage001.bmp
2016-03-03 22:52 - 2016-03-03 22:52 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk
2016-03-03 08:03 - 2016-03-03 08:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\Computer wipe Harddrive.txt
2016-03-03 07:09 - 2016-03-03 07:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\Man .txt
2016-03-03 03:19 - 2016-03-16 03:50 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 00:06 - 2016-03-03 00:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\Geo.txt
2016-03-03 00:01 - 2016-03-03 00:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Geok.bmp
2016-03-01 09:50 - 2016-03-01 09:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dm.bmp
2016-02-29 01:45 - 2016-02-29 01:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw.bmp
2016-02-26 12:54 - 2016-02-26 12:54 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Ca.bmp
2016-02-25 21:42 - 2016-02-25 21:42 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\VIRUS SPYBOT detection Feb 23rd 16 at 2100 hrs.bmp
2016-02-25 19:21 - 2016-02-25 19:21 - 00065536 _____ C:\WINDOWS\system32\config\Spybot -.evt
2016-02-25 19:14 - 2016-02-25 19:14 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\List of AV programs.bmp
2016-02-21 17:08 - 2016-02-21 17:08 - 00000108 _____ C:\Documents and Settings\Administrator\My Documents\groseries.txt
2016-02-17 23:26 - 2016-02-17 23:28 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Owsg.bmp
2016-02-17 01:01 - 2016-02-18 02:45 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Jm
2016-02-16 11:51 - 2016-02-16 11:51 - 00006236 _____ C:\Documents and Settings\Administrator\My Doclw.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-16 13:26 - 2013-11-27 15:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-16 13:25 - 2015-05-13 00:47 - 00000000 ____D C:\FRST
2016-03-16 13:20 - 2013-12-01 02:51 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-16 13:19 - 2014-04-14 14:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-16 13:12 - 2014-02-11 02:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-16 12:47 - 2014-03-27 19:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-16 12:30 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-16 12:20 - 2013-11-27 15:23 - 00032418 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-16 12:17 - 2015-06-01 13:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-16 07:50 - 2015-03-07 14:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-16 03:48 - 2015-05-07 22:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-16 03:48 - 2013-12-15 03:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-16 03:48 - 2013-12-01 02:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-16 03:48 - 2013-11-27 15:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-16 03:45 - 2014-02-23 00:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-16 03:45 - 2014-02-10 23:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-16 03:43 - 2013-11-27 15:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-16 03:42 - 2015-05-12 20:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-16 03:41 - 2013-12-01 02:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-16 03:41 - 2013-12-01 02:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-15 07:36 - 2016-02-02 22:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Health
2016-03-14 16:53 - 2015-03-11 23:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Home
2016-03-14 11:37 - 2015-10-27 16:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\BI
2016-03-13 13:51 - 2014-03-14 22:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 07:56 - 2015-07-02 19:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ta
2016-03-10 23:45 - 2015-10-08 00:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-10 18:20 - 2015-08-20 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nl
2016-03-10 17:52 - 2016-01-29 20:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Cc
2016-03-10 01:03 - 2013-11-27 15:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-03-09 18:34 - 2015-06-22 18:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Laptop Computer
2016-03-06 21:10 - 2014-02-11 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 21:08 - 2016-02-05 00:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 21:08 - 2014-02-11 02:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 08:38 - 2015-02-17 07:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mum
2016-03-05 21:17 - 2015-05-07 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-03-04 00:12 - 2015-05-05 23:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-03-03 22:51 - 2016-01-02 18:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2016-03-02 05:14 - 2015-03-12 00:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-02-29 20:25 - 2014-08-30 00:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\As
2016-02-28 16:22 - 2008-04-14 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-20 15:52 - 2013-11-27 14:24 - 00000000 ___HD C:\WINDOWS\inf
2016-02-18 22:15 - 2016-02-11 03:10 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mb
2016-02-15 21:43 - 2015-07-12 01:17 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Grce
 
==================== Files in the root of some directories =======
 
2013-11-30 14:22 - 2013-11-30 14:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-11 23:14 - 2015-05-11 23:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
 
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
================================================================================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-16 13:26:40)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Avira Launcher (HKLM\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG) Hidden
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-14 22:20 - 2004-03-29 12:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 22:20 - 2004-03-29 15:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2014-03-14 22:20 - 2004-03-29 15:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 22:20 - 2004-03-29 15:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 22:20 - 2004-03-29 15:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 22:20 - 2004-03-29 15:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 22:20 - 2004-03-29 15:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 22:20 - 2004-03-10 11:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 22:32 - 2015-07-17 22:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 22:34 - 2015-07-17 22:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 22:33 - 2015-07-17 22:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 15:34 - 2014-02-14 15:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-14 22:20 - 2004-03-29 12:45 - 00059392 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTUI5C.DLL
2014-03-14 22:20 - 2004-03-29 12:47 - 00287232 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTSTRN.DLL
2014-03-14 22:20 - 2004-03-25 18:59 - 00561152 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTPRP.DLL
2014-03-14 22:20 - 2004-03-25 18:53 - 00401408 _____ () C:\WINDOWS\system32\DLBTutil.dll
2014-03-14 22:20 - 2004-03-25 19:06 - 02080768 _____ () C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlbtprpr.dll
2016-03-11 02:54 - 2016-03-08 12:16 - 17541312 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 07:00 - 2008-04-14 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
 
==================== Restore Points =========================
 
12-11-2015 16:12:54 System Checkpoint
15-11-2015 21:36:55 System Checkpoint
16-11-2015 22:53:49 System Checkpoint
20-11-2015 04:12:20 System Checkpoint
21-11-2015 05:17:11 System Checkpoint
22-11-2015 05:26:41 System Checkpoint
24-11-2015 04:07:29 System Checkpoint
25-11-2015 04:22:14 System Checkpoint
26-11-2015 04:26:12 System Checkpoint
27-11-2015 21:13:51 System Checkpoint
28-11-2015 22:27:34 System Checkpoint
30-11-2015 02:24:35 System Checkpoint
01-12-2015 02:46:29 System Checkpoint
02-12-2015 05:18:43 System Checkpoint
03-12-2015 21:53:17 System Checkpoint
05-12-2015 04:38:28 System Checkpoint
07-12-2015 14:40:36 System Checkpoint
08-12-2015 20:58:08 System Checkpoint
09-12-2015 22:19:35 System Checkpoint
14-12-2015 09:23:04 System Checkpoint
20-12-2015 03:43:41 System Checkpoint
21-12-2015 13:45:18 System Checkpoint
26-12-2015 22:40:34 System Checkpoint
28-12-2015 02:45:32 System Checkpoint
01-01-2016 07:21:43 System Checkpoint
03-01-2016 04:08:13 System Checkpoint
11-01-2016 21:12:44 System Checkpoint
13-01-2016 05:28:06 System Checkpoint
15-01-2016 05:53:57 System Checkpoint
21-01-2016 14:14:55 System Checkpoint
27-01-2016 17:49:40 System Checkpoint
04-02-2016 20:25:21 Removed Skype™ 7.18
04-02-2016 22:51:10 Installed Windows Internet Explorer 8.
05-02-2016 00:17:25 Installed Skype™ 6.14
08-02-2016 07:26:00 System Checkpoint
10-02-2016 06:42:04 System Checkpoint
19-02-2016 08:01:33 System Checkpoint
23-02-2016 00:25:17 System Checkpoint
03-03-2016 07:34:42 System Checkpoint
16-03-2016 01:12:34 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/15/2016 07:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application egui.exe, version 7.0.317.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [egui.exe!ws!]
 
Error: (03/12/2016 03:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/11/2016 07:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/06/2016 02:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/05/2016 09:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/26/2016 04:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
 
Error: (02/26/2016 04:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2016 06:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
Error: (02/10/2016 03:47:56 AM) (Source: ESENT) (EventID: 489) (User: )
Description: wuauclt (3404) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (03/16/2016 03:50:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ESET Service service hung on starting.
 
Error: (03/16/2016 03:45:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/15/2016 12:04:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/15/2016 12:04:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/15/2016 07:45:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/15/2016 07:42:16 AM) (Source: DCOM) (EventID: 10010) (User: NBS-30B3685D369)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
 
Error: (03/14/2016 01:49:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (03/14/2016 01:49:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 37%
Total physical RAM: 2046.21 MB
Available physical RAM: 1285.81 MB
Total Virtual: 3896.75 MB
Available Virtual: 3055.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:14.27 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#7
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

 

 
Have you defragged the hard drive recently?  XP does not do it automatically and after a few years it really needs it.
 
 
 
 

What make and model is this?

 

 

 

Uninstall:

 

Spybot - Search & Destroy

 

It's not going to help.

 

 

 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File.)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As,(to your desktop) Save.  (Note the file name) Open the file on your desktop and copy and paste the text to a reply.
 
Run a new FRST scan with Addition.txt checked after uninstalling Spybot and post both logs.
 
 
 
 

 

 

 

It's a few days since there was any reply; I wonder if anyone could advise on the logs that I posted.  I am not sure if the process that I have gone through actually included any virus, malware or spyware scans or if I still need to do one with some other recommended program?


Edited by dowsp, 21 March 2016 - 03:49 PM.

  • 0

#8
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

I just want to add some further comments.

 

Unfortunately I have not as yet had any further reply.

 

but I just have had my computer crash 3 times ..and it seems to be when I was trying to access yahoo email.

 

I have been able to access online on 3 prior occasions, but when it came to opening yahoo... that's when it crashed.

 

I am now back online a 4th time and tried just opening other webpages and so far I have been ok ...

 

So whether it's something wrong with yahoo or I have a major problem..I am not sure..

 

If I have a virus or malware spyware, I wonder what AV program that I should try..


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Sorry for the delay but I didn't get a notification.

 

You need to uninstall

 

Avira Launcher (You have ESET and don't need or want a second antivirus)  Your Process Explorer log shows Avira is eating up CPU time
Spybot - Search & Destroy (Worthless - just slows you down)

 

Still waiting on the speccy log.  To Attach a file is a multi-step process. 

 

1.  Click More Reply Options, then scroll down to the active window

2.  Click Browse

3.  Point it at your file then Click Open

4. Click  Attach This File

 

Once you post the log, uninstall Speccy (and Avira and Spybot).

 

Then make a new Process Explorer log and post it as before.

 

 

 


  • 0

#10
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

I am trying again to attach the Speccy log file...

 

I don't know why it did not attach last time I tried ..(I was not sure if it may have gone direct to you rather than on the forum)

 

With regards to Avira....I had deleted the main file and didn't realise that the set up launcher would cause me such a problem.

 

With Eset...I had a free trial with it some time ago and thought later I had deleted it... BUT it seems it is still on my system and won't remove... yet it's not showing in my add / remove programs in control panel.

 

As far as I know with eset... when I had the free trial it did find things other AV programs did not find..

 

but after the free trial ended.. I THINK that I was able to attempt to remove it in add and remove programs in control panel..

if, I did... as I say, ... it still shows on my system..and there is an icon for it on my lower left bar..where the clock is..

 

it somehow seems stubborn and won't remove and there is NO uninstall if I place my mouse on the icon..

 

HAVING SAID ALL THAT..I add this as an edit....I have found ESET when I go into Start- Programs..It is shown in programs..and there is an uninstall option....When I click on the uninstall..I get this message..

 

Windows Installer...This action is only valid for Products that are currently installed..

 

So it suggests it's not installed, yet it is shown in programs and as an icon on my lower left.

 

There are other options in programs for Eset..one being system rescue...I wonder if it may be possible to restore then try to uninstall again..

 

Another thing that I find with some AV programs is they seem to fill my screen but  the page is too big and I am unable to access certain options....and I am not able to reduce the page magnification size..

 

 

 

I think I did delete spybot..

 

Do I need to rerun Speccy... The copy I am sending now is the one I saved from last time I ran it and thought that I had posted it.

 

I have never seen a program show such a large amount of info.

 

 

I will recheck again  in my add and remove programs to check what I have  or can delete..

 

Can I ask is there a program that I can run that deletes more temp files...I say this as I used one program once in the past and it deleted temp files that I did not know I had and that did not delete in the normal delete temp files process.

 

I will post the other log hopefully shortly..if not in the next 30 mins ...by Tomorrow.

Attached Files


Edited by dowsp, 26 March 2016 - 05:05 PM.

  • 0



#11
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

Process Explorer log

 

------------------------------------------------------------

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.00 0 K 16 K 0
Interrupts 5.00 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 3.00 18,412 K 29,120 K 1624 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
services.exe 3.00 1,804 K 4,664 K 1312 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 2.00 78,460 K 94,200 K 2228 Google Chrome Google Inc. (Verified) Google Inc
wmiprvse.exe 1.00 4,976 K 9,312 K 2112 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1.00 1,824 K 4,232 K 1588 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Speccy.exe 1.00 17,228 K 4,392 K 3752 Speccy Piriform Ltd (Verified) Piriform Ltd
wscntfy.exe 520 K 2,256 K 2628 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
WPFFontCache_v0400.exe 864 K 3,116 K 2824 wpffontcache_v0400.exe Microsoft Corporation (Verified) Microsoft Corporation
wmiprvse.exe 1,924 K 5,536 K 3724 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 7,388 K 4,952 K 1268 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 212 K 4
svchost.exe 2,888 K 4,672 K 1480 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,292 K 3,208 K 1664 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,364 K 3,580 K 1808 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 6,432 K 9,108 K 108 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1,204 K 3,612 K 1168 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2,296 K 4,076 K 528 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,420 K 3,236 K 3816 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
spoolsv.exe 3,144 K 5,304 K 500 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 164 K 372 K 1116 Windows NT Session Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
Skype.exe 90,264 K 100,156 K 912 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
procexp.exe 13,880 K 6,968 K 712 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
lsass.exe 3,796 K 1,112 K 1332 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
KiesTrayAgent.exe 4,012 K 9,948 K 740 Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO.
Kies.exe 36,996 K 37,912 K 828 Kies Samsung (Verified) Samsung Electronics CO.
GoogleCrashHandler.exe 1,788 K 524 K 1336 Google Crash Handler Google Inc. (Verified) Google Inc
explorer.exe 15,208 K 24,640 K 2036 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ekrn.exe 22,048 K 20,900 K 116 ESET Service ESET (Verified) ESET
egui.exe 5,940 K 3,920 K 764 ESET Main GUI ESET (Verified) ESET
dlbtbmon.exe 3,348 K 4,676 K 876 Dell Dell 922 Button Monitor (No signature was present in the subject) 
dlbtbmgr.exe 604 K 2,388 K 748 Dell Dell 922 Button Manager (No signature was present in the subject) 
ctfmon.exe 812 K 3,140 K 820 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 1,532 K 5,388 K 1240 Client Server Runtime Process Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 114,172 K 52,608 K 2448 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,768 K 3,240 K 2440 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 78,840 K 83,428 K 1164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 16,632 K 13,880 K 2588 Google Chrome Google Inc. (Verified) Google Inc
alg.exe 1,068 K 3,392 K 3756 Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher

  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
 
Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 
 
 
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
You need a new driver for your graphics/video:
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 

 

 

I expect this line from Process Explorer is so high because of the bad driver:
 
Interrupts 5.00 0 K 0 K n/a Hardware Interrupts and DPCs

 

 

Normally it should be under 1.5.

 

I would look on Dell's site and see if they have a driver for it.  If not you can get one from Intel:

 

https://downloadcent...Windows-XP-exe-

 

Run a new FRST scan with Addition.txt checked and post both logs.

 

Run a new process explorer log after you update the driver.

 

 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  The second time you run VEW it will overwrite the first log so copy it to a Reply or rename it first.
 

 

 


  • 0
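The reading RKinner applies to the Process Explorer export above can be scripted. The following is an added example, not code posted by anyone in the thread: it parses the flattened rows, checks the Interrupts row against the 1.5 figure given above, and lists processes whose signature column is not "(Verified)". The function and variable names are assumptions of this example; the sample rows are copied from the log in post #11.

```python
import re

# Rows copied from the Process Explorer log posted in this thread; on this
# page the exported columns appear separated by single spaces.
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.00 0 K 16 K 0
Interrupts 5.00 0 K 0 K n/a Hardware Interrupts and DPCs
svchost.exe 3.00 18,412 K 29,120 K 1624 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
chrome.exe 2.00 78,460 K 94,200 K 2228 Google Chrome Google Inc. (Verified) Google Inc
wscntfy.exe 520 K 2,256 K 2628 Windows Security Center Notification App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ekrn.exe 22,048 K 20,900 K 116 ESET Service ESET (Verified) ESET
dlbtbmon.exe 3,348 K 4,676 K 876 Dell Dell 922 Button Monitor (No signature was present in the subject)
"""

# name, optional CPU %, private bytes, working set, PID (or n/a), free text
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?:(?P<cpu>\d+\.\d+)\s+)?(?P<priv>[\d,]+) K\s+"
    r"(?P<ws>[\d,]+) K\s+(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$")
SIGNER = re.compile(r"\((Verified|No signature was present in the subject)\)")
PSEUDO = {"System Idle Process", "Interrupts", "System"}  # rows with no image file


def parse_rows(text):
    """Turn flattened export lines into dicts; header/unknown lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        sig = SIGNER.search(m.group("rest") or "")
        rows.append({
            "name": m.group("name"),
            "cpu": float(m.group("cpu") or 0.0),  # blank CPU cell treated as 0
            "private_kb": int(m.group("priv").replace(",", "")),
            "pid": m.group("pid"),
            "signature": sig.group(1) if sig else None,
        })
    return rows


def triage(rows, interrupt_limit=1.5):
    """Summarise the points a helper reads off the export."""
    procs = [r for r in rows if r["name"] not in PSEUDO]
    interrupts = next((r["cpu"] for r in rows if r["name"] == "Interrupts"), 0.0)
    busiest = max(procs, key=lambda r: r["cpu"], default=None)
    return {
        "interrupts_cpu": interrupts,
        "interrupts_high": interrupts > interrupt_limit,
        # Not verified is a prompt to look closer at the file, not a verdict.
        "unverified": [(r["name"], r["pid"]) for r in procs
                       if r["signature"] != "Verified"],
        "busiest": busiest["name"] if busiest else None,
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE)).items():
        print(f"{key}: {value}")
```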

#13
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

On trying to clear ALL events 

Event Viewer asks do I want to save system before clearing it ?  Not sure about if I save or not..when I opt "Not" nothing seemed to happen..but file was only 512 KB , now showing 64 KB...Application also showing 512 KB...I assume this also will ask if I want to save..

 

 

 

Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. 

 

I did do TWO Frst scans and I have two frst downloads...in my downloads folder  FRST (1).exe     FRST (2).exe

 

When downloading Fixlist to same location as FRST..BOTH initially are downloads and go into Download folder...BUT I had saved past FRST txt log into a created folder that I called Geeks2go within "My Documents" and I have then created another folder within that called ("F1") because I wanted to separate them from other saved files in that folder..so that if I have to select them together in one folder ..they will be together..BUT as I say these are just the Txt Files..(FRST.Txt and Fixlist.Txt).

 

So do you mean that I should save my fixlist.txt file just into my downloads folder or into the same documents or directory folder where I saved the Frst Txt Files ?   ie My Documents\Geeks2go\F1

 

 

When I try to run the downloaded FRST again and click Fix...I get a message "No Fixlist Text Found"...There is a search option..I tried to search for my Folder / Files...I tried this and got a msg saying "Frst txt is saved in same directory"..it created a search txt file. So I try and then click Fix in Frst as you indicated ..but it does nothing..or will not run..as I get "no Fixlist txt file found" and a msg saying it must be within same directory.

 

Do I need to save the Frst download into my (Geeks2go within "My Documents")?

 

otherwise I am unsure what to do..

 

 

Download the attached fixlist.txt to the same location as FRST

 

Run FRST and press Fix
A fix log will be generated please post that 

Edited by dowsp, 27 March 2016 - 08:21 AM.

  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

We don't want to save the old events.

 

Download the attached fixlist.txt to the same location as FRST.exe.  

Once you run FRST, Fix once it will delete the fixlist.txt file


  • 0

#15
dowsp

dowsp

    Member

  • Topic Starter
  • Member
  • 542 posts

We don't want to save the old events.

 

Download the attached fixlist.txt to the same location as FRST.exe.  

Once you run FRST, Fix once it will delete the fixlist.txt file

 

 

I am just adding this message in...I tried to download Frst again and then click fix..and it seems to have started the process now....I was thinking that I could use my previous download, but maybe I needed to download again to get it to work....I hope to post the log if it works..

 

=================================

 

The files are saved in my CHROME download Folder.

 

When I downloaded FRST.EXE and fixlist.txt... they Both went into the chrome download Folder..

 

but when I try to run FRST.EXE  and click fix... I am still getting this message..

 

No Fixlist.txt found

 

see my attachment

 

Do I need to save them in another folder that is different to my chrome download?

Attached Thumbnails

  • Frst and fixlist files.GIF

Edited by dowsp, 27 March 2016 - 09:24 AM.

  • 0





