Dell Inspiron 510 m Laptop running very poorly on Windows XP Pro



#16
dowsp


It seems that the process did work after downloading Frst.exe again.

But upon clicking "Fix", it restarted my computer without me seeing any txt file, and upon restarting, it saved a fixit file on my desktop.

I have noted that certain things have been removed other than the temp files, such as maybe some cookies and auto log-in details.

I should have mentioned that I only wanted temp files removing, as I do use a lot of cookies.

Normally I delete the cache in Chrome when I delete anything.

 

                        ----------------------------------------------------------------------------------------

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-28 17:05:23) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-01-27] (Avira Operations GmbH & Co. KG)
HHKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
KU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean.exe
FF Extension: Avira Browser Safety - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] [2016-02-19]
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [260456 2016-01-27] (Avira Operations GmbH & Co. KG)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S0 cerc6; no ImagePath
U1 WS2IFSL; no ImagePath
2016-03-05 21:19 - 2016-03-14 13:52 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-09 03:03 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-03-05 21:19 - 2016-03-05 21:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-03-05 21:18 - 2016-03-05 21:18 - 00001842 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2016-03-05 21:18 - 2016-03-05 21:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-05 21:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2016-03-03 22:52 - 2016-03-03 22:52 - 00000859 _____ C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk 
2016-03-05 21:19 - 2015-05-07 22:53 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2016-03-05 21:17 - 2015-05-07 22:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe 
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
2016-03-05 21:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-05 21:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
EmptyTemp:
 
 
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Avira SystrayStartTrigger => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HSDTray => value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. 
KU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) => Error: No automatic fix found for this entry.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default\Extensions\[email protected] => moved successfully
Avira.ServiceHost => service not found.
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
cerc6 => service removed successfully.
WS2IFSL => service removed successfully.
"C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job" => not found.
"C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job" => not found.
"C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job" => not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
"C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk" => not found.
"C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\WINDOWS\system32\sdnclean.exe" => not found.
"C:\Documents and Settings\All Users\Desktop\Avira Launcher.lnk" => not found.
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\SkypeSetup.exe => moved successfully
C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => not found.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => moved successfully
C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => not found.
C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => not found.
"C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl" => not found.
"C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.
EmptyTemp: => 250.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:09:39 ====

Edited by dowsp, 27 March 2016 - 09:55 AM.



#17
dowsp


Here's some latest Frst.Txt files

 

                    ---------------------------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Administrator (administrator) on NBS-30B3685D369 (28-03-2016 17:59:31)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [251248 2010-06-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2015-04-28] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Dell Photo AIO Printer 922] => C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe [290816 2004-03-29] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5075104 2014-02-24] (ESET)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1566016 2015-04-28] (Samsung)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\Run: [Process Explorer] => C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\PROCEXP.EXE [2694816 2016-03-28] (Sysinternals - www.sysinternals.com)
HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MountPoints2: {61c0ecb0-ecd5-11e3-be99-0011434c66e7} - E:\WD_Windows_Tools\Setup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{85C9E6FD-83DA-45BA-A356-DC03E982137A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1993962763-492894223-1957994488-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bqynmpuk.default
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1993962763-492894223-1957994488-500: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll [2014-03-27] (Citrix Online)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-07] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [421888 2004-03-16] (Dell)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1343408 2014-02-24] (ESET)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [174400 2013-09-17] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [38952 2013-09-17] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61600 2013-09-17] (ESET)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
R3 STAC97; C:\WINDOWS\System32\drivers\stac97.sys [264440 2004-11-15] (SigmaTel, Inc.)
R3 w70n51; C:\WINDOWS\System32\DRIVERS\w70n51.sys [674560 2006-08-02] (Intel® Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 17:59 - 2016-03-28 18:00 - 00009435 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-03-28 17:05 - 2016-03-28 17:09 - 00007916 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-03-28 17:04 - 2016-03-28 17:04 - 01725440 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-03-28 15:48 - 2016-03-28 15:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini032816-01.dmp
2016-03-28 11:09 - 2016-03-28 11:09 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M16 James Bond
2016-03-28 03:03 - 2016-03-28 03:03 - 00004773 _____ C:\Documents and Settings\Administrator\Desktop\Hardware Interrupts and DPCs.txt
2016-03-28 01:50 - 2016-03-28 01:51 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Documents and Settings\Administrator\Desktop\procexp.exe
2016-03-27 23:04 - 2016-03-27 23:04 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-05.dmp
2016-03-27 18:42 - 2016-03-27 18:42 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-04.dmp
2016-03-27 18:24 - 2016-03-27 18:24 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-03.dmp
2016-03-27 18:13 - 2016-03-27 18:13 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-02.dmp
2016-03-27 17:55 - 2016-03-27 17:55 - 00090112 _____ C:\WINDOWS\Minidump\Mini032716-01.dmp
2016-03-24 18:24 - 2016-03-24 18:24 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw
2016-03-24 17:32 - 2016-03-24 17:33 - 00005829 _____ C:\Documents and Settings\Administrator\My Documents\Lwmd
2016-03-24 02:44 - 2016-03-24 02:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini032416-01.dmp
2016-03-23 15:53 - 2016-03-23 15:53 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Bes
2016-03-20 04:30 - 2016-03-21 01:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-16 14:10 - 2016-03-16 14:10 - 00004630 _____ C:\Documents and Settings\Administrator\Desktop\System Idle Process.txt
2016-03-16 13:30 - 2016-03-16 13:47 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Snapshot s
2016-03-16 13:30 - 2016-03-16 13:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\spe
2016-03-16 13:30 - 2016-03-16 13:30 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\pe
2016-03-16 13:20 - 2016-03-16 13:20 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
2016-03-16 13:20 - 2016-03-16 13:20 - 00000000 ____D C:\Program Files\Speccy
2016-03-16 13:20 - 2016-03-16 13:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
2016-03-15 15:20 - 2016-03-15 21:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Things to do
2016-03-15 08:17 - 2016-03-28 17:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Gtg
2016-03-15 07:38 - 2016-03-15 07:40 - 00010868 _____ C:\Documents and Settings\Administrator\My Documents\Cw
2016-03-13 08:43 - 2016-03-13 08:43 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
2016-03-13 08:43 - 2016-03-13 08:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Help
2016-03-12 18:08 - 2016-03-13 15:17 - 00002413 _____ C:\Documents and Settings\Administrator\My Documents\Td
2016-03-12 04:43 - 2016-03-12 04:43 - 00000136 _____ C:\Documents and Settings\Administrator\My Documents\Sd
2016-03-11 04:07 - 2016-03-24 05:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Fb
2016-03-10 19:23 - 2016-03-15 21:11 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ccr
2016-03-10 07:21 - 2016-03-10 07:32 - 00131536 _____ C:\WINDOWS\ntbtlog.txt
2016-03-10 06:15 - 2016-03-10 06:17 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Dadt
2016-03-10 03:19 - 2016-03-10 03:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Po
2016-03-09 07:08 - 2016-03-09 07:08 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs
2016-03-09 07:07 - 2016-03-09 07:07 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs2
2016-03-09 07:06 - 2016-03-09 07:06 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\J.T.bmp
2016-03-09 07:03 - 2016-03-09 07:03 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Cs3
2016-03-06 22:08 - 2016-03-06 22:08 - 00001878 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-03-06 22:08 - 2016-03-06 22:08 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-03-06 22:08 - 2016-03-06 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2016-03-06 04:37 - 2016-03-06 04:40 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Gm
2016-03-06 04:35 - 2016-03-09 21:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nh
2016-03-06 03:43 - 2016-03-06 03:43 - 00663486 _____ C:\Documents and Settings\Administrator\Desktop\A
2016-03-03 09:03 - 2016-03-03 09:04 - 00002759 _____ C:\Documents and Settings\Administrator\My Documents\C
2016-03-03 08:09 - 2016-03-03 08:56 - 00000899 _____ C:\Documents and Settings\Administrator\My Documents\Mu
2016-03-03 04:19 - 2016-03-28 17:15 - 00000664 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-03-03 01:06 - 2016-03-03 01:06 - 00000097 _____ C:\Documents and Settings\Administrator\My Documents\GK
2016-03-03 01:01 - 2016-03-03 01:01 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\G.K
2016-03-01 10:50 - 2016-03-01 10:50 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\dm
2016-02-29 02:45 - 2016-02-29 02:45 - 00921654 _____ C:\Documents and Settings\Administrator\My Documents\Hw2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-28 18:00 - 2013-11-27 16:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-28 17:59 - 2015-05-13 01:47 - 00000000 ____D C:\FRST
2016-03-28 17:53 - 2014-02-11 03:08 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-28 17:43 - 2014-03-27 20:01 - 00000530 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-28 17:20 - 2013-12-01 03:51 - 00000886 _____ C:\WINDOWS\Tasks\Google
2016-03-28 17:19 - 2014-04-14 15:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-28 17:14 - 2013-12-15 04:43 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2016-03-28 17:14 - 2013-12-01 03:51 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-28 17:14 - 2013-11-27 16:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-28 17:12 - 2013-11-27 16:23 - 00032606 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-28 17:10 - 2013-11-27 16:24 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-28 16:14 - 2015-06-01 14:15 - 00000626 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job
2016-03-28 11:09 - 2013-11-27 16:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-03-28 00:37 - 2014-01-23 00:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2016-03-27 23:04 - 2013-11-28 15:49 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-27 16:53 - 2013-11-27 15:46 - 00525098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-27 07:52 - 2014-02-23 01:51 - 00463344 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-492894223-1957994488-500-0.dat
2016-03-27 07:52 - 2014-02-11 00:11 - 00081478 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2016-03-25 21:32 - 2013-12-01 03:57 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-03-25 21:32 - 2013-12-01 03:57 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2016-03-25 13:12 - 2015-03-07 15:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\PRC
2016-03-24 17:08 - 2015-08-06 12:08 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Eg
2016-03-23 16:13 - 2014-08-30 01:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\AS
2016-03-23 15:04 - 2015-03-12 01:59 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\IM
2016-03-22 19:50 - 2015-10-08 01:03 - 00000754 _____ C:\WINDOWS\WORDPAD.INI
2016-03-21 14:49 - 2015-01-10 18:20 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-18 19:22 - 2015-07-03 00:57 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Mc
2016-03-18 17:35 - 2015-01-26 06:06 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Naw
2016-03-17 00:48 - 2016-01-28 08:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\X files
2016-03-16 15:40 - 2015-10-27 17:44 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Bi
2016-03-16 04:42 - 2015-05-12 21:25 - 00000079 _____ C:\WINDOWS\wininit.ini
2016-03-15 08:36 - 2016-02-02 23:37 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Ht
2016-03-14 17:53 - 2015-03-12 00:26 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Hm
2016-03-13 14:51 - 2014-03-14 23:42 - 00000396 _____ C:\WINDOWS\dellstat.ini
2016-03-13 08:56 - 2015-07-02 20:27 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Tt
2016-03-10 19:20 - 2015-08-21 00:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Nl
2016-03-10 18:52 - 2016-01-29 21:54 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Cc
2016-03-10 02:03 - 2013-11-27 16:24 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Mp
2016-03-09 19:34 - 2015-06-22 19:07 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Lc
2016-03-06 22:10 - 2014-02-11 03:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-03-06 22:08 - 2016-02-05 01:17 - 00000000 ___RD C:\Program Files\Skype
2016-03-06 22:08 - 2014-02-11 03:09 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
2016-03-06 09:38 - 2015-02-17 08:29 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\M
2016-03-04 01:12 - 2015-05-06 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2016-02-28 17:22 - 2008-04-14 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
 
==================== Files in the root of some directories =======
 
2013-11-30 15:22 - 2013-11-30 15:29 - 50053120 _____ () C:\Program Files\GUT2.tmp
2015-05-12 00:14 - 2015-05-12 00:14 - 0000036 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================
 
 
 
=========================================================================
===========================================================================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by Administrator (2016-03-28 18:00:50)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-11-27 15:15:17)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1993962763-492894223-1957994488-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1993962763-492894223-1957994488-1003 - Limited - Enabled)
Guest (S-1-5-21-1993962763-492894223-1957994488-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1993962763-492894223-1957994488-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1993962763-492894223-1957994488-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.6.2020.204 - Alps Electric)
Citrix Online Launcher (HKLM\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D480 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell Photo AIO Printer 922 (HKLM\...\Dell Photo AIO Printer 922) (Version:  - )
DriverIdentifier 4.2.7 (HKLM\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.108 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 45.0.1 (x86 en-GB)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-1993962763-492894223-1957994488-500\...\MyFreeCodec) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1993962763-492894223-1957994488-500_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\4431\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4670\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1993962763-492894223-1957994488-500.job => C:\Program Files\Citrix\GoToMeeting\4670\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-14 23:20 - 2004-03-29 13:45 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-03-14 23:20 - 2004-03-29 16:12 - 00290816 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
2015-07-17 23:32 - 2015-07-17 23:32 - 01988608 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\ea030633dd0cda4b417a9191daf24966\Kies.UI.ni.dll
2015-07-17 23:32 - 2015-07-17 23:32 - 00079360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\59a8677946abc4fd92c5ba89ffa6f607\Kies.MVVM.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00189952 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\4c347761ba84bf513a8dab5cb6667918\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00367616 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\14c99f58db95790a4b621bab9107bf92\DevicePhoto.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00301568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\85622fb6058687dc988529641d38f492\DeviceVideo.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00616448 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\f8c87c0877583f92dd3e11fa715a24ec\DevicePodcast.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 00307200 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8fc4080ab14a7d720fd6275377e8bdd4\DummyStorePlugin.ni.dll
2015-07-17 23:34 - 2015-07-17 23:34 - 14994944 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\3fcfc443473e8df0db555daecb413da0\Kies.Theme.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00582656 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\692883350eb9754983ee3656681d2e0c\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 00046592 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b3eeb98610269c4916f9d1cc30d1fda5\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-07-17 23:33 - 2015-07-17 23:33 - 01005056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\a979ff7b8d7683d9b881b9accd03cb2e\DeviceCommonLib.ni.dll
2014-02-14 16:34 - 2014-02-14 16:34 - 00232960 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 08:00 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-03-14 23:20 - 2004-03-29 16:27 - 00102400 _____ () C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
2014-03-14 23:20 - 2004-03-29 16:10 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
2014-03-14 23:20 - 2004-03-29 16:10 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPrint.dll
2014-03-14 23:20 - 2004-03-29 16:08 - 00036864 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
2014-03-14 23:20 - 2004-03-29 16:09 - 00065536 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
2014-03-14 23:20 - 2004-03-29 16:08 - 00028672 _____ () C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
2014-03-14 23:20 - 2004-03-10 12:36 - 00061440 _____ () C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 08:00 - 2008-04-14 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1993962763-492894223-1957994488-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
 
==================== Restore Points =========================
 
01-01-2016 08:21:43 System Checkpoint
03-01-2016 05:08:13 System Checkpoint
11-01-2016 22:12:44 System Checkpoint
13-01-2016 06:28:06 System Checkpoint
15-01-2016 06:53:57 System Checkpoint
21-01-2016 15:14:55 System Checkpoint
27-01-2016 18:49:40 System Checkpoint
04-02-2016 21:25:21 Removed Skype™ 7.18
04-02-2016 23:51:10 Installed Windows Internet Explorer 8.
05-02-2016 01:17:25 Installed Skype™ 6.14
08-02-2016 08:26:00 System Checkpoint
10-02-2016 07:42:04 System Checkpoint
19-02-2016 09:01:33 System Checkpoint
23-02-2016 01:25:17 System Checkpoint
03-03-2016 08:34:42 System Checkpoint
16-03-2016 02:12:34 System Checkpoint
20-03-2016 04:34:06 System Checkpoint
27-03-2016 22:26:49 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Intel® 82852/82855 GM/GME Graphics Controller
Description: Intel® 82852/82855 GM/GME Graphics Controller
Class Guid: {4D36E968-E325-11CE-BFC1-08002BE10318}
Manufacturer: Intel Corporation
Service: ialm
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/18/2016 03:35:11 PM) (Source: ESENT) (EventID: 485) (User: )
Description: wuauclt (2524) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log" failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The delete file operation will fail with error -1032 (0xfffffbf8).
 
Error: (03/15/2016 08:42:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application egui.exe, version 7.0.317.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
Processing media-specific event for [egui.exe!ws!]
 
Error: (03/12/2016 04:49:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/11/2016 08:17:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/06/2016 03:15:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mspaint.exe, version 5.1.2600.5918, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/05/2016 10:28:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/26/2016 05:16:24 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 346866276.
 
Error: (02/26/2016 05:16:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application SDFiles.exe, version 2.4.40.135, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/15/2016 07:04:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application chrome.exe, version 48.0.2564.109, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (02/10/2016 04:47:56 AM) (Source: ESENT) (EventID: 455) (User: )
Description: wuaueng.dll (3404) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
 
 
System errors:
=============
Error: (03/28/2016 05:12:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® M processor 1.50GHz
Percentage of memory in use: 38%
Total physical RAM: 2046.21 MB
Available physical RAM: 1256.84 MB
Total Virtual: 3896.75 MB
Available Virtual: 3214.08 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:74.53 GB) (Free:15.67 GB) NTFS ==>[drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 94E494E4)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#18
dowsp

I found two graphics files from Dell...one is Intel.. I assume that's the best option....upon downloading it..I am not sure if it will override the faulty one...Upon trying, it did not do so..and asked to save the file in a folder it wanted to create..

 

If I do that it may then detect the file and use that instead of the faulty one...but I am not really sure..

 

On trying again, It did create its own folder to save the file..but then it came up to be installed..and on doing so it detected the other graphics file and said that was a newer version than the one I was uploading...

 

Maybe I should search elsewhere for a newer one..

 

the thing is my computer is now quite old..

 

On looking elsewhere on the link you suggested..

 
 

the 1st option shows this which is from 2006..But there are others that seem available that are shown as 2012..

 

UPDATE...I JUST tried to download and install this one but I got an error message saying it would not work on my computer.

 

Intel® Graphics Media Accelerator Driver for Windows* XP (exe)
Version: 14.19.50 (Latest) Date: 2/8/2006

 

but there is another link on that page  link that shows other options and they are from 2012.

 

https://downloadcent...ntroller-Family

 

I am not really sure which one of these to select..

 

from the options for windows xp..

 

There is one that is exe file, another winzip file and one that says for developers and another not to be used with 3rd party graphics (that one doesn't make sense to me).

 

I suspect that the exe or winzip are the best ones..they are from 2012..

 

I think if it is not seen at the moment as being too serious...I may hang on to the graphics driver that I have for now.....

 

http://www.dell.com/...on-510m/drivers

 

 

Intel Extreme Graphics 855 GM, v.6.14.10.4363, A12
Graphics driver for Intel 855GM/GME systems
File Name: R105909.EXE
Description: Hard-Drive (4.92 MB)
Version: 6.14.10.4363, A12

CyberLink PowerDVD 5, v.PDVD 5.1.0708 Patch, A03
File Name: R80551.EXE
Description: Hard-Drive (3.59 MB)
Version: PDVD 5.1.0708 Patch, A03

Edited by dowsp, 27 March 2016 - 01:08 PM.

#19
dowsp

Can I just check.... It seems my history files have also been deleted..which I did not really want to lose.

 

Is there any way to restore that back ? as well as my log in details...

 

As I said... normally I just delete cache..

 

I deleted similar once before on geekstogo..and someone did use a program that deleted the temp files and some other files that my normal delete temp files did not remove...but it left all the history and cookies etc alone....

 

If it is possible to restore...I would prefer that if possible..

 

I was able to log into yahoo ok..

 

but when I want to go to yahoo.com the USA site..

 

as I am in the U.K... it now takes me to https://uk.yahoo.com/?p=us which is almost the same as yahoo.co.uk

 

When they made changes this was what happened but I did manage somehow to get back to be able to stay on yahoo.com. I think it was down to the cookies..

 

as otherwise It seems very hard for me to find how to be able to access the real US yahoo site..

 

When I try it just keeps going back to this url........https://uk.yahoo.com/?p=us 

 

In the uk we used to use yahoo.co.uk.....now they give https://uk.yahoo.com

 

then we can select other countries but only as UK versions, but they show them with (eng) on the selection..see below in red as an eg..

 

but that is NOT the real USA yahoo website..that somehow I had managed to obtain prior to losing the history just now....

North America)

I cannot select the USA version of yahoo.com in this UK USA website either..

 

https://uk.yahoo.com/?p=us 

 

it's as if yahoo don't want the UK to be able to view the real USA version..and I prefer the real USA version for certain things.

 

 

what is weird is I can do a google search for yahoo.com and there are some links..

 

clicking on the yahoo.com one still takes me to the UK USA version..

 

but if I click on this..

 

https://www.yahoo.com/news/ this takes me to the USA version..but only the newspage ..

I KNOW it is the USA version as it shows certain things different to the UK version..

such as circular images and certain logs and icons on certain parts of the page..

 

IF I select the home page on that page...it still takes me back to the USA UK version.


Edited by dowsp, 27 March 2016 - 01:46 PM.

#20
RKinner
Malware Expert

Don't think there is a way to get back the temp files and such.

 

Try changing your dns server to 

 
64.6.64.6

https://www.opennicp...indows-xpvista/

 

See if that lets you get to yahoo.com

 

Your graphic driver appears defective.  

 

Right click on My Computer and select Manage then Device Manager.  View, Show Hidden Devices.  You should see a yellow flag next to any that aren't working.  Sometimes just right clicking and uninstalling a defective driver and rebooting will allow XP to reinstall it correctly..

 

Perhaps you can overwrite it with the older version and get it to work.


#21
dowsp

It is Most unfortunate if there is no way to get back the deleted files that I wanted to keep..(History / cookies logins)

 

Can I ask is it possible to go back to a restore point ? In the past when someone has helped me I think they usually had a way to create a restore point...or there was some way in my computer to obtain it.

 

even if so.. it may be that those files will still be missing...But I may be prepared to give it a try...

 

With ref to the yahoo site... I may try what you suggested..BUT what I find a bit annoying is that I had this problem once before and somehow managed to find a way to get it to work..but cannot recall how !

 

With ref to the graphics card...It's a bit of a tough one... yes in device manager the graphics are shown to be yellow..It shows TWO same descriptions for what seems the same Graphics controller..

 

It may be that if I try the older version that it may work ok..

 

IF I WAS TO CHANCE UNINSTALLING 1 or 2 of them...when you say it may allow XP to be able to reboot back up.. I assume you mean.. that It will uninstall the Graphic controller.. and that may then make it ok to reinstall...or upload another one....BUT IS THERE A WAY that I can save the existing one / Graphics controller File / driver  that I have and then try and reupload that again....so its the same one exactly being attempted to be uploaded again, to see if it may somehow work when reinstalled..

 

I may not have the EXISTING drive on a CD or DVD...and I'm not sure that I can obtain the exact same one online elsewhere...

 

or are you thinking that the one Upload  that I tried to upload yesterday, but it would not do so, or it  failed to override my existing one... ARE you suggesting that may now work, once I have removed my existing Graphics controller ???

 

IF I attempt to delete my existing version and then try to replace it..with another of the optional upload that I referred to.  then I have to hope it works otherwise the computer may not work...or be un functional graphically wise..

 

One weird thing that just happened...I went on a website and since doing so.. some strange things have happened on my computer..

 

1)  when I go onto my google page...I can see 3 items above that are my favourite listings that go across the top of the screen horizontally... and at the end of each of those 3 descriptions of those websites... the last few letters are Faded out..I once had this before and it was found to be a virus.

 

2) the other very weird thing is when I tried to save a screen shot into the Windows " Paint " program screen shot saver..is that when I tried to save it to one of my folders.... 1) the Folder descriptive wordings has disappeared..and 2) when I tried to save it... the picture that I had placed into "Paint" would not stay....it kept disappearing...

 

I then later tried another screen shot for another screen shot that I am posting as an attachment to show you the google page that I refer to..that was able to save ok this time without the image disappearing...I was then able  to draw a red line pointing to the things I want to point out....BUT trying to draw the lines would NOT work in the way I wanted to do ..and had done many times in the past with no problems..   The Red lines would only work at or to certain places on that page...where as normally you can create a line from any one point to another..anywhere on the page...

 

It was as if something was controlling it.. I hope that I am not being targeted by someone trying to control my computer.

 

Just before I uploaded the attachment..I tried to add in some printed description..to explain the screen shot...but this time I was able to draw another line OK..so I'm not sure what had been happening..maybe just a glitch...but the wording is still faded on the googles page...as shown in the bitmap image.

Edited by dowsp, 28 March 2016 - 10:44 AM.

#22
RKinner
Malware Expert

I doubt that system restore cares about cookies and such.  You can try it if you want.  

 

If you have two graphics drivers installed then it's going to get confused.  Uninstalling them should not be a problem as long as you don't tell it to remove the files.   Windows will reinstall one when it reboots.  If it fails then it should still work in VGA (low resolution) mode.  The one that said it was older should work so you have a fall back.

 

Paint depends on the video/graphics driver to work.  We know it's broken.


#23
dowsp

Many thanks for your feedback.

 

With ref to restore.. On a quick search..

 

I found one article that suggested that you cannot restore cookies once they had been deleted.

 

I did find another article that suggests that it can be possible to restore history..but there seems different ways for various browsers, but I didn't find anything with ref to Google Chrome.

 

Some suggestions indicated system restore may work but others said that it may be best to use some special software.  I will have to relook into that...

 

This also gives some info on the restore for various deleted things..maybe it says different ..

 

 

 

Nothing is ever deleted on a computer. Even though delete functions exist the data still remains somewhere in the computer, whether on the hard drive or in obscure files tucked away deep in the operating system. Recovering deleted internet history is quite straightforward if you know what you’re doing. And if you do want to know what you’re doing, read on. 

 

http://www.bullguard...ata-easily.html

 

http://www.wikihow.com/View-Cookies

 

 

 

When I uninstall the Graphic controller. I assume I don't delete from device manager..

When I look in control panel add and remove programs..It's listed as "Intel Extreme Graphics driver 2" and there is only one option to remove..There is however a click here for tech info and it then shows an option to repair if the device is not working.  This may just be a re upload to override.. or do you think it may do something else.

 

I'm a bit confused when you say don't tell it to remove the files... I thought that by uninstalling that was the files. or are there two separate ones involved..

 

..if there are options to not remove the files..or are they hidden separate in Windows..

 

was one from a driver installed by a CD and another file within windows that installs it..

 

 

 

Uninstalling them should not be a problem as long as you don't tell it to remove the files.   Windows will reinstall one when it reboots.

Edited by dowsp, 29 March 2016 - 08:17 AM.

#24
RKinner
Malware Expert

If you uninstall a driver from Device Manager you usually get asked if you want to remove the files.  That's when you should say no.

