Here are some of the latest FRST.txt files
---------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (28-03-2016 17:59:31)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Process Explorer] => C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\PROCEXP.EXE [2694816 2016-03-28] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-28 17:59 - 2016-03-28 18:00 - 00009435 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-03-28 17:05 - 2016-03-28 17:09 - 00007916 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-03-28 17:04 - 2016-03-28 17:04 - 01725440 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-03-28 15:48 - 2016-03-28 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini032816-01.dmp
2016-03-28 11:09 - 2016-03-28 11:09 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M16 James Bond
2016-03-28 03:03 - 2016-03-28 03:03 - 00004773 _____ C:\Documents and Settings\Administrator\Desktop\Hardware Interrupts and DPCs.txt
2016-03-28 01:50 - 2016-03-28 01:51 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2016-03-27 23:04 - 2016-03-27 23:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-05.dmp
2016-03-27 18:42 - 2016-03-27 18:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-04.dmp
2016-03-27 18:24 - 2016-03-27 18:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-03.dmp
2016-03-27 18:13 - 2016-03-27 18:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-02.dmp
2016-03-27 17:55 - 2016-03-27 17:55 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-01.dmp
2016-03-24 18:24 - 2016-03-24 18:24 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw
2016-03-24 17:32 - 2016-03-24 17:33 - 00005829 _____ C:\Documents and Settings\Administrator\My Documents\Lwmd
2016-03-24 02:44 - 2016-03-24 02:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini032416-01.dmp
2016-03-23 15:53 - 2016-03-23 15:53 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Bes
2016-03-20 04:30 - 2016-03-21 01:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-16 14:10 - 2016-03-16 14:10 - 00004630 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2016-03-16 13:30 - 2016-03-16 13:47 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Snapshot s
2016-03-16 13:30 - 2016-03-16 13:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\spe
2016-03-16 13:30 - 2016-03-16 13:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\pe
2016-03-16 13:20 - 2016-03-16 13:20 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-16 13:20 - 2016-03-16 13:20 - 00000000 ____D C:\Program Files\Speccy
2016-03-16 13:20 - 2016-03-16 13:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-03-15 15:20 - 2016-03-15 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Things to do
2016-03-15 08:17 - 2016-03-28 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Gtg
2016-03-15 07:38 - 2016-03-15 07:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Cw
2016-03-13 08:43 - 2016-03-13 08:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 08:43 - 2016-03-13 08:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 18:08 - 2016-03-13 15:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Td
2016-03-12 04:43 - 2016-03-12 04:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\Sd
2016-03-11 04:07 - 2016-03-24 05:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Fb
2016-03-10 19:23 - 2016-03-15 21:11 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ccr
2016-03-10 07:21 - 2016-03-10 07:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 06:15 - 2016-03-10 06:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Dadt
2016-03-10 03:19 - 2016-03-10 03:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Po
2016-03-09 07:08 - 2016-03-09 07:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs
2016-03-09 07:07 - 2016-03-09 07:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs2
2016-03-09 07:06 - 2016-03-09 07:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 07:03 - 2016-03-09 07:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs3
2016-03-06 22:08 - 2016-03-06 22:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 22:08 - 2016-03-06 22:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 22:08 - 2016-03-06 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 04:37 - 2016-03-06 04:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Gm
2016-03-06 04:35 - 2016-03-09 21:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nh
2016-03-06 03:43 - 2016-03-06 03:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\A
2016-03-03 09:03 - 2016-03-03 09:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\C
2016-03-03 08:09 - 2016-03-03 08:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\Mu
2016-03-03 04:19 - 2016-03-28 17:15 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 01:06 - 2016-03-03 01:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\GK
2016-03-03 01:01 - 2016-03-03 01:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\G.K
2016-03-01 10:50 - 2016-03-01 10:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dm
2016-02-29 02:45 - 2016-02-29 02:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw2
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-28 18:00 - 2013-11-27 16:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-28 17:59 - 2015-05-13 01:47 - 00000000 ____D C:\FRST
2016-03-28 17:53 - 2014-02-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-28 17:43 - 2014-03-27 20:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-28 17:20 - 2013-12-01 03:51 - 00000886 _____ C:\WINDOWS\Tasks\Google
2016-03-28 17:19 - 2014-04-14 15:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-28 17:14 - 2013-12-15 04:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-28 17:14 - 2013-12-01 03:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 17:14 - 2013-11-27 16:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-28 17:12 - 2013-11-27 16:23 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-28 17:10 - 2013-11-27 16:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-28 16:14 - 2015-06-01 14:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-28 11:09 - 2013-11-27 16:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-28 00:37 - 2014-01-23 00:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2016-03-27 23:04 - 2013-11-28 15:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-27 16:53 - 2013-11-27 15:46 - 00525098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-27 07:52 - 2014-02-23 01:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-27 07:52 - 2014-02-11 00:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-25 21:32 - 2013-12-01 03:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-25 21:32 - 2013-12-01 03:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-25 13:12 - 2015-03-07 15:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-24 17:08 - 2015-08-06 12:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Eg
2016-03-23 16:13 - 2014-08-30 01:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\AS
2016-03-23 15:04 - 2015-03-12 01:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-03-22 19:50 - 2015-10-08 01:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-21 14:49 - 2015-01-10 18:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-18 19:22 - 2015-07-03 00:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mc
2016-03-18 17:35 - 2015-01-26 06:06 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Naw
2016-03-17 00:48 - 2016-01-28 08:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\X files
2016-03-16 15:40 - 2015-10-27 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Bi
2016-03-16 04:42 - 2015-05-12 21:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-15 08:36 - 2016-02-02 23:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ht
2016-03-14 17:53 - 2015-03-12 00:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Hm
2016-03-13 14:51 - 2014-03-14 23:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 08:56 - 2015-07-02 20:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Tt
2016-03-10 19:20 - 2015-08-21 00:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nl
2016-03-10 18:52 - 2016-01-29 21:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Cc
2016-03-10 02:03 - 2013-11-27 16:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Mp
2016-03-09 19:34 - 2015-06-22 19:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Lc
2016-03-06 22:10 - 2014-02-11 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 22:08 - 2016-02-05 01:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 22:08 - 2014-02-11 03:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 09:38 - 2015-02-17 08:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-03-04 01:12 - 2015-05-06 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-02-28 17:22 - 2008-04-14 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
==================== Files in the root of some directories =======
2013-11-30 15:22 - 2013-11-30 15:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-12 00:14 - 2015-05-12 00:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of FRST.txt ============================
=========================================================================
===========================================================================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-28 18:00:50)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version: - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version: - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.108 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-GB)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version: - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-14 23:20 - 2004-03-29 13:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 23:20 - 2004-03-29 16:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2015-07-17 23:32 - 2015-07-17 23:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 23:32 - 2015-07-17 23:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 16:34 - 2014-02-14 16:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-14 23:20 - 2004-03-29 16:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 23:20 - 2004-03-29 16:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 23:20 - 2004-03-29 16:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 23:20 - 2004-03-29 16:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 23:20 - 2004-03-29 16:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 23:20 - 2004-03-29 16:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 23:20 - 2004-03-10 12:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
==================== Restore Points =========================
01-01-2016 08:21:43 System Checkpoint
03-01-2016 05:08:13 System Checkpoint
11-01-2016 22:12:44 System Checkpoint
13-01-2016 06:28:06 System Checkpoint
15-01-2016 06:53:57 System Checkpoint
21-01-2016 15:14:55 System Checkpoint
27-01-2016 18:49:40 System Checkpoint
04-02-2016 21:25:21 Removed Skype™ 7.18
04-02-2016 23:51:10 Installed Windows Internet Explorer 8.
05-02-2016 01:17:25 Installed Skype™ 6.14
08-02-2016 08:26:00 System Checkpoint
10-02-2016 07:42:04 System Checkpoint
19-02-2016 09:01:33 System Checkpoint
23-02-2016 01:25:17 System Checkpoint
03-03-2016 08:34:42 System Checkpoint
16-03-2016 02:12:34 System Checkpoint
20-03-2016 04:34:06 System Checkpoint
27-03-2016 22:26:49 System Checkpoint
==================== Faulty Device Manager Devices =============
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/18/2016 03:35:11 PM) (Source: ESENT) (EventID: 485) (User: )
Description: wuauclt (2524) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The delete file operation will fail with error -1032 (0xfffffbf8).
Error: (03/15/2016 08:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application egui.exe, version 7.0.317.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [egui.exe!ws!]
Error: (03/12/2016 04:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/11/2016 08:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/06/2016 03:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (03/05/2016 10:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/26/2016 05:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
Error: (02/26/2016 05:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/15/2016 07:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Error: (02/10/2016 04:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
System errors:
=============
Error: (03/28/2016 05:12:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
==================== Memory info ===========================
Processor: Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 38%
Total physical RAM: 2046.21 MB
Available physical RAM: 1256.84 MB
Total Virtual: 3896.75 MB
Available Virtual: 3214.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:15.67 GB) NTFS ==>[drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================