Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

XP slowed down


  • This topic is locked This topic is locked

#1
Pearlcatdesign

Pearlcatdesign

    Member

  • Member
  • PipPip
  • 80 posts

I have an XP and it has gotten really slow and I keep getting 'stop script' screens. Here are the FRST screens. 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2016
Ran by Milisa (administrator) on DONA (08-05-2016 11:41:04)
Running from C:\Documents and Settings\Milisa\Desktop
Loaded Profiles: Milisa (Available Profiles: Milisa & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(CloudCanvas) C:\Program Files\CloudCanvas\CloudCanvas.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-06-10] (InstallShield Software Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\...\Run: [CloudCanvas] => C:\Program Files\CloudCanvas\CloudCanvas.exe [138752 2012-04-17] (CloudCanvas)
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-13] (Microsoft Corporation)
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => ftp=192.168.0.1:23;http=192.168.0.1:80
AutoConfigURL: [.DEFAULT] => ftp=192.168.0.1:23;http=192.168.0.1:80
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{FF40CF62-29EF-4D53-8605-8CFDC1B2D6BA}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20150405&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Intern

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Milisa\Application Data\Mozilla\Firefox\Profiles\tat9zqy3.default-1441292214421
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo
FF DefaultSearchEngine.US: Findwide Search Engine
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxps://duckduckgo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF SearchPlugin: C:\Documents and Settings\Milisa\Application Data\Mozilla\Firefox\Profiles\tat9zqy3.default-1441292214421\searchplugins\googletranslate.xml [2015-11-11]
FF Extension: Pin It button - C:\Documents and Settings\Milisa\Application Data\Mozilla\Firefox\Profiles\tat9zqy3.default-1441292214421\Extensions\[email protected] [2015-09-15]
FF Extension: Findwide Search Engine - C:\Documents and Settings\Milisa\Application Data\Mozilla\Firefox\Profiles\tat9zqy3.default-1441292214421\Extensions\{58d735b4-9d6c-4e37-b146-7b9f7e79e318}.xpi [2016-05-05]

Opera:
=======
StartMenuInternet: (HKLM) Opera.exe - blank

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577008 2014-11-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
S4 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
S3 LPDSVC; C:\WINDOWS\system32\tcpsvcs.exe [19456 2004-08-04] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44544 2008-12-04] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2008-12-04] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\WINDOWS\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation) [File not signed]
S2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [439808 2008-05-27] (Microsoft Corporation) [File not signed]
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 aswTap; C:\WINDOWS\System32\DRIVERS\aswTap.sys [35144 2016-01-30] (The OpenVPN Project)
R3 E100B; C:\WINDOWS\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation) [File not signed]
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [212224 2003-11-17] (Conexant Systems, Inc.) [File not signed]
R3 HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [1042432 2003-11-17] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R2 mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [11043 2003-04-09] (Conexant) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
S3 Pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [47360 2009-11-19] (VSO Software) [File not signed]
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2008-01-06] (Acronis)
S3 usbaudio; C:\WINDOWS\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [680704 2003-11-17] (Conexant Systems, Inc.) [File not signed]
S2 adfs; no ImagePath
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Milisa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-08 11:41 - 2016-05-08 11:41 - 00013434 _____ C:\Documents and Settings\Milisa\Desktop\FRST.txt
2016-05-08 11:40 - 2016-05-08 11:41 - 00000000 ____D C:\FRST
2016-05-08 11:39 - 2016-05-08 11:39 - 01730048 _____ (Farbar) C:\Documents and Settings\Milisa\Desktop\FRST.exe
2016-05-08 11:19 - 2016-05-08 11:19 - 04759456 _____ (LionSea Software co., ltd ) C:\Documents and Settings\Milisa\Desktop\setup.exe
2016-05-07 14:49 - 2016-05-07 14:49 - 00009728 _____ C:\Documents and Settings\Milisa\My Documents\dead sea rewrite.wps
2016-05-07 14:21 - 2016-05-07 14:21 - 00091839 _____ C:\Documents and Settings\Milisa\Desktop\FedEx%20Ship%20Manager%20-%20Print%20Your%20Label(s)(4).pdf
2016-05-07 14:03 - 2016-05-07 14:03 - 00091839 _____ C:\Documents and Settings\Milisa\Desktop\FedEx%20Ship%20Manager%20-%20Print%20Your%20Label(s).pdf
2016-05-06 22:52 - 2016-05-06 22:53 - 22851472 _____ (Malwarebytes ) C:\Documents and Settings\Milisa\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-06 08:44 - 2016-05-08 09:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-05 19:17 - 2016-05-05 19:17 - 00001569 _____ C:\Documents and Settings\Milisa\.recently-used.xbel
2016-05-05 18:56 - 2016-05-05 18:56 - 00000000 ____D C:\Documents and Settings\Milisa\My Documents\gegl-0.0
2016-05-04 19:01 - 2016-05-04 19:01 - 00000000 ____D C:\Documents and Settings\Milisa\My Documents\Updater5
2016-05-04 17:19 - 2016-05-07 19:54 - 00012800 _____ C:\Documents and Settings\Milisa\My Documents\inflammatory stage.wps
2016-05-01 14:19 - 2016-05-01 19:09 - 00000000 ____D C:\Documents and Settings\Milisa\Local Settings\Application Data\Polaroid Instant Memories
2016-05-01 14:19 - 2016-05-01 19:07 - 00000000 ____D C:\Documents and Settings\Milisa\Application Data\vlc
2016-05-01 14:18 - 2016-05-01 14:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Polaroid
2016-05-01 14:18 - 2016-05-01 14:18 - 00000000 ____D C:\Program Files\ffdshow
2016-05-01 14:18 - 2016-05-01 14:18 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
2016-05-01 14:18 - 2008-12-17 19:22 - 00057344 _____ C:\WINDOWS\system32\ff_vfw.dll
2016-05-01 14:18 - 2008-12-11 13:27 - 00000547 _____ C:\WINDOWS\system32\ff_vfw.dll.manifest
2016-05-01 14:18 - 2008-12-11 13:26 - 00060273 _____ (Open Source Software community project) C:\WINDOWS\system32\pthreadGC2.dll
2016-04-30 15:23 - 2016-04-30 19:44 - 00009728 _____ C:\Documents and Settings\Milisa\My Documents\date site letter.wps
2016-04-30 13:11 - 2016-04-30 13:11 - 00018944 _____ C:\Documents and Settings\Milisa\My Documents\[bleep]ing americans.wps
2016-04-21 19:10 - 2016-04-21 19:10 - 00018944 _____ C:\Documents and Settings\Milisa\My Documents\paypaljava.wps
2016-04-14 17:20 - 2016-04-14 17:20 - 00010240 _____ C:\Documents and Settings\Milisa\My Documents\expat notes.wps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-08 11:41 - 2011-07-06 10:55 - 00000000 ____D C:\Documents and Settings\Milisa\Local Settings\Temp
2016-05-08 11:38 - 2011-04-08 13:51 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{3FC32BFE-2D0E-4558-B1AC-B97DECCA73A5}.job
2016-05-08 11:32 - 2015-08-17 20:32 - 00000917 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {1021F97F-E103-44FB-B493-B45A6521AC55}.job
2016-05-08 11:32 - 2015-08-17 20:32 - 00000731 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {1021F97F-E103-44FB-B493-B45A6521AC55}.job
2016-05-08 11:18 - 2004-08-10 14:08 - 00032378 _____ C:\WINDOWS\SchedLgU.Txt
2016-05-08 10:58 - 2015-09-01 13:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-08 10:24 - 2009-11-07 15:33 - 00000000 ___RD C:\Documents and Settings\Milisa\My Documents\My Pictures
2016-05-08 10:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At4.job
2016-05-08 09:29 - 2016-02-25 17:03 - 00000472 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
2016-05-08 09:29 - 2004-08-10 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-08 09:29 - 2004-08-10 13:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-05-07 19:56 - 2009-11-07 15:33 - 00000278 ___SH C:\Documents and Settings\Milisa\ntuser.ini
2016-05-07 19:54 - 2011-07-06 12:38 - 00025898 _____ C:\Documents and Settings\Milisa\Application Data\wklnhst.dat
2016-05-07 16:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At5.job
2016-05-07 15:19 - 2014-07-04 17:10 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-05-07 14:52 - 2015-07-18 17:39 - 00009216 _____ C:\Documents and Settings\Milisa\My Documents\ablog shallow deep.wps
2016-05-07 14:49 - 2009-11-07 15:33 - 00000000 ___RD C:\Documents and Settings\Milisa\My Documents
2016-05-07 14:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At2.job
2016-05-07 13:22 - 2014-10-03 21:54 - 00000000 ____D C:\Documents and Settings\Milisa\Local Settings\Application Data\Adobe
2016-05-07 13:22 - 2007-11-16 12:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-05-07 13:22 - 2007-11-16 12:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2016-05-07 13:22 - 2006-09-07 14:07 - 00000000 ____D C:\Program Files\Adobe
2016-05-07 12:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At1.job
2016-05-07 00:55 - 2010-04-15 03:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB978338$
2016-05-06 22:59 - 2006-09-07 13:48 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-05-06 22:57 - 2016-01-02 22:03 - 00135774 _____ C:\WINDOWS\ntbtlog.txt
2016-05-06 22:44 - 2009-12-11 18:12 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2016-05-06 22:09 - 2015-12-25 16:19 - 00001891 _____ C:\WINDOWS\imsins.BAK
2016-05-06 22:05 - 2004-08-10 13:52 - 00000000 ___HD C:\WINDOWS\inf
2016-05-06 20:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At7.job
2016-05-06 10:29 - 2015-07-18 16:38 - 00010752 _____ C:\Documents and Settings\Milisa\My Documents\ablog the dead sea.wps
2016-05-06 10:22 - 2015-07-18 17:04 - 00013824 _____ C:\Documents and Settings\Milisa\My Documents\ablog sad.wps
2016-05-06 08:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At3.job
2016-05-05 22:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At8.job
2016-05-05 19:17 - 2011-04-16 18:27 - 00000000 ____D C:\Documents and Settings\Milisa\Application Data\gtk-2.0
2016-05-05 19:17 - 2011-04-16 18:22 - 00000000 ____D C:\Documents and Settings\Milisa\.gimp-2.6
2016-05-05 19:17 - 2009-11-07 15:33 - 00000000 ____D C:\Documents and Settings\Milisa
2016-05-04 18:00 - 2016-02-25 17:04 - 00000446 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-05-04 18:00 - 2016-02-13 16:28 - 00000434 _____ C:\WINDOWS\Tasks\At6.job
2016-05-01 15:08 - 2009-11-07 20:05 - 00000000 ___RD C:\Documents and Settings\Milisa\My Documents\My Videos
2016-04-14 17:19 - 2016-01-17 21:47 - 00009728 _____ C:\Documents and Settings\Milisa\My Documents\[bleep].wps
2016-04-13 13:43 - 2014-07-04 13:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 13:43 - 2006-09-17 00:08 - 132539272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-10 01:02 - 2016-02-25 17:03 - 00000420 _____ C:\WINDOWS\Tasks\ParetoLogic Update Version3.job

==================== Files in the root of some directories =======

2016-02-23 13:35 - 2016-02-23 13:39 - 0000053 ____C () C:\Documents and Settings\Milisa\Application Data\LogFile.txt
2010-06-10 15:59 - 2010-12-10 19:57 - 0002555 ____C () C:\Documents and Settings\Milisa\Application Data\SAS7_000.DAT
2011-07-06 12:38 - 2016-05-07 19:54 - 0025898 _____ () C:\Documents and Settings\Milisa\Application Data\wklnhst.dat
2010-03-09 19:07 - 2014-12-31 12:35 - 0008704 ____C () C:\Documents and Settings\Milisa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-11-22 05:47 - 2015-08-31 23:32 - 0089172 ____C () C:\Documents and Settings\Milisa\Local Settings\Application Data\FASTWiz.log
2009-11-07 15:33 - 2006-09-07 14:13 - 0000128 ____C () C:\Documents and Settings\Milisa\Local Settings\Application Data\fusioncache.dat
2007-08-01 00:03 - 2009-11-15 16:54 - 0001755 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job


Some files in TEMP:
====================
C:\Documents and Settings\Milisa\Local Settings\Temp\HubManager.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\dnsapi.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-05-2016
Ran by Milisa (2016-05-08 11:42:30)
Running from C:\Documents and Settings\Milisa\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2006-09-16 21:06:15)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2814364803-843946100-1677762924-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Guest (S-1-5-21-2814364803-843946100-1677762924-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2814364803-843946100-1677762924-1006 - Limited - Disabled)
Milisa (S-1-5-21-2814364803-843946100-1677762924-1008 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Milisa
SUPPORT_388945a0 (S-1-5-21-2814364803-843946100-1677762924-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell CinePlayer (HKLM\...\{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}) (Version: 3.0 - Dell)
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-2814364803-843946100-1677762924-1008\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell System Restore (HKLM\...\{74F7662C-B1DB-489E-A8AC-07A06B24978B}) (Version: 2.00.0000 - Dell Inc.)
Digital Content Portal (HKLM\...\{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}) (Version: 1.00.0000 - Dell)
EducateU (HKLM\...\{A683A2C0-821C-486F-858C-FA634DB5E864}) (Version: 1.00.0000 - Dell)
ELIcon (Version: 1.00.0000 - Dell) Hidden
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4299 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
MCU (Version: 1.00.0000 - Dell) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{91110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PrintMaster Gold 3.00 (HKLM\...\PrintMaster Gold 3.00) (Version:  - )
SAMSUNG SYMBIAN USB Download Driver (HKLM\...\{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}) (Version: 1.1.808.7165 - SAMSUNG Electronics CO,.LTD)
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebCyberCoach 3.2 Dell (HKLM\...\WebCyberCoach_wtrb) (Version:  - )
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At2.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At3.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At4.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At5.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At6.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At7.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At8.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {1021F97F-E103-44FB-B493-B45A6521AC55}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-410 Series Update {1021F97F-E103-44FB-B493-B45A6521AC55}.job => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FTSLAE.EXE:/EXE:{1021F97F-E103-44FB-B493-B45A6521AC55} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1457541863.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3FC32BFE-2D0E-4558-B1AC-B97DECCA73A5}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2004-08-10 13:51 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15D5AA51 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [220]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD [149]
AlternateDataStreams: C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2814364803-843946100-1677762924-1008\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 13:51 - 2016-02-15 14:07 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Milisa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 209.18.47.61 - 209.18.47.62
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)

==================== Restore Points =========================

22-02-2016 17:05:47 Reimage Express Restore Point
23-02-2016 18:17:04 System Checkpoint
24-02-2016 22:09:09 System Checkpoint
27-02-2016 15:29:27 System Checkpoint
02-03-2016 02:16:48 System Checkpoint
03-03-2016 20:01:20 System Checkpoint
04-03-2016 23:44:57 System Checkpoint
07-03-2016 13:09:20 System Checkpoint
08-03-2016 13:18:26 System Checkpoint
09-03-2016 01:33:36 Restore Operation
09-03-2016 12:43:14 Installed Windows XP Wdf01009.
09-03-2016 13:02:17 Restore Operation
09-03-2016 13:15:49 Software Distribution Service 3.0
10-03-2016 13:29:11 System Checkpoint
10-03-2016 19:00:28 Installed Windows XP Wdf01009.
10-03-2016 19:26:21 Installed Windows XP Wdf01009.
11-03-2016 21:51:19 System Checkpoint
14-03-2016 12:59:27 System Checkpoint
15-03-2016 13:43:39 System Checkpoint
16-03-2016 15:03:19 System Checkpoint
18-03-2016 16:51:03 System Checkpoint
19-03-2016 14:16:03 Restore Operation
21-03-2016 13:29:24 System Checkpoint
22-03-2016 14:16:16 System Checkpoint
29-03-2016 11:48:53 System Checkpoint
30-03-2016 18:16:17 System Checkpoint
03-04-2016 15:09:16 System Checkpoint
06-04-2016 12:28:29 System Checkpoint
09-04-2016 11:15:39 System Checkpoint
11-04-2016 13:36:57 System Checkpoint
12-04-2016 13:52:23 System Checkpoint
13-04-2016 13:42:57 Software Distribution Service 3.0
16-04-2016 11:44:09 System Checkpoint
19-04-2016 11:38:57 System Checkpoint
20-04-2016 14:28:38 System Checkpoint
21-04-2016 16:31:46 System Checkpoint
26-04-2016 22:04:39 System Checkpoint
27-04-2016 22:27:28 System Checkpoint
29-04-2016 13:03:16 System Checkpoint
01-05-2016 14:42:41 System Checkpoint
02-05-2016 21:10:41 System Checkpoint
03-05-2016 22:29:38 System Checkpoint
06-05-2016 22:05:30 Installed Adobe Reader 8
07-05-2016 13:22:27 Removed Adobe Reader 8

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2016 11:41:25 AM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (05/07/2016 01:25:11 PM) (Source: CardSpace 3.0.0.0) (EventID: 269) (User: NT AUTHORITY)
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
   at System.Environment.get_StackTrace()
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
   at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
   at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
   at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
   at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (05/07/2016 01:25:11 PM) (Source: CardSpace 3.0.0.0) (EventID: 269) (User: NT AUTHORITY)
Description: The Windows CardSpace service is too busy to process this request.
User has too many outstanding requests.



Additional Information:
   at System.Environment.GetStackTrace(Exception e, Boolean needFileInfo)
   at System.Environment.get_StackTrace()
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e)
   at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e)
   at Microsoft.InfoCards.UIAgentMonitor.AddNewClient(UIAgentMonitorHandle handle)
   at Microsoft.InfoCards.UIAgentMonitorHandle.CreateAgent(Int32 callerPid, WindowsIdentity callerIdentity, Int32 tsSessionId)
   at Microsoft.InfoCards.RequestFactory.CreateClientRequestInstance(UIAgentMonitorHandle monitorHandle, String reqName, IntPtr rpcHandle, Stream inStream, Stream outStream)
   at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

Error: (05/07/2016 12:52:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 46.0.1.5966, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/06/2016 11:37:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 2.3.173.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/06/2016 08:15:54 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 762636590.

Error: (05/06/2016 08:15:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: The specified server cannot perform the requested operation.

Error: (05/06/2016 08:15:54 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download....uthrootseq.txt>with error: This operation returned because the timeout period expired.

Error: (05/06/2016 08:15:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 46.0.1.5966, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/14/2016 11:47:06 AM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 713865802.


System errors:
=============
Error: (05/08/2016 10:00:00 AM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At4.job command failed to start due to the following error:
%%2147942402

Error: (05/08/2016 09:29:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147746132 (0x80040154).

Error: (05/08/2016 09:29:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

Error: (05/08/2016 09:29:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Error: (05/08/2016 09:29:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Alerter service depends on the Workstation service which failed to start because of the following error:
%%1058

Error: (05/08/2016 09:29:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The adfs service failed to start due to the following error:
%%2

Error: (05/07/2016 07:22:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error 2147746132 (0x80040154).

Error: (05/07/2016 07:22:42 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Routing and Remote Access service terminated with service-specific error 711 (0x2C7).

Error: (05/07/2016 07:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
%%1058

Error: (05/07/2016 07:22:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Alerter service depends on the Workstation service which failed to start because of the following error:
%%1058


==================== Memory info ===========================

Processor:  Intel® Celeron® CPU 2.53GHz
Percentage of memory in use: 47%
Total physical RAM: 1277.98 MB
Available physical RAM: 665.21 MB
Total Virtual: 1900.75 MB
Available Virtual: 1475.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:52.71 GB) (Free:25.12 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (COMPAQ) (Fixed) (Total:7.86 GB) (Free:7.86 GB) FAT32
Drive e: (Backup) (Fixed) (Total:18.17 GB) (Free:18.08 GB) NTFS
Drive f: (Kodak_CD-ROM) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=52.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.6 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 7.9 GB) (Disk ID: C197C197)
Partition 1: (Active) - (Size=7.9 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

 

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#3
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Okay, here is the adware;

 

# AdwCleaner v5.116 - Logfile created 09/05/2016 at 11:52:24
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (X86)
# Username : Milisa - DONA
# Running from : C:\Documents and Settings\Milisa\Desktop\adwcleaner_5.116.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\SparkTrust
[-] Folder Deleted : C:\Documents and Settings\All Users\Documents\Downloaded Installers
[-] Folder Deleted : C:\Program Files\Common Files\ParetoLogic

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : paretologic registration3
[-] Task Deleted : paretologic update version3
[-] Task Deleted : ParetoLogic Update Version3 Startup Task

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl
[-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\uus3url-pl
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{09CFDB88-F9F0-40BA-885E-F47A957D12E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2B1B440F-A9DB-46E3-ADCF-AA6E08143FB8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKCU\Software\DynConIE
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKCU\Software\SparkTrust\SparkTrust PC Cleaner Plus
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Reimage
[-] Key Deleted : HKLM\SOFTWARE\SmartPCFixer
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : HKLM\SOFTWARE\SparkTrust\SparkTrust PC Cleaner Plus
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Reimage Repair

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3774 bytes] - [09/05/2016 11:52:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [4172 bytes] - [09/05/2016 11:47:35]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3920 bytes] ##########
 


  • 0

#4
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Here's the junkware one;

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Microsoft Windows XP x86
Ran by Milisa (Administrator) on Mon 05/09/2016 at 12:00:24.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 28

Successfully deleted: C:\Documents and Settings\Milisa\Application Data\drivercure (Folder)
Successfully deleted: C:\Documents and Settings\Milisa\Application Data\sparktrust (Folder)
Successfully deleted: C:\WINDOWS\Tasks\At1.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At2.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At3.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At4.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At5.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At6.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At7.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\At8.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\561VWIV9 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\87RJ55IF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B4MS8G3I (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GF7985I7 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HUMX5HC4 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N4T622ZG (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\T5IRBBHO (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TYCZ7BEB (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\opensoftwareupdater (Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\561VWIV9 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\87RJ55IF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B4MS8G3I (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GF7985I7 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HUMX5HC4 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N4T622ZG (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T5IRBBHO (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TYCZ7BEB (Temporary Internet Files Folder)

Deleted the following from C:\Documents and Settings\Milisa\Application Data\Mozilla\Firefox\Profiles\tat9zqy3.default-1441292214421\prefs.js
user_pref(browser.search.defaultenginename.US, Findwide Search Engine);
user_pref(browser.urlbar.suggest.searches, true);
user_pref(extensions.findwide.DownloadUrl, hxxp://mirror.downloadnet306.com/binstallers/BM2/gimp/exe/gimp-2.6.10-i686-setup-1.exe);
user_pref(extensions.findwide.InstallBeginCall, );
user_pref(extensions.findwide.ParamKeyCall, );
user_pref(extensions.findwide.firstRun, false);
user_pref(extensions.findwide.guid, 1a66d951-74fe-2564-be41-8f2d657ba956);
user_pref(extensions.findwide.lastCall, 5/9/2016, 10:37:32 AM);
user_pref(extensions.findwide.sourceid, \n\n\n\n\n\n\n\n\n\n\n\n\n16431);



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/09/2016 at 12:01:48.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Download the enclosed Attached File  fixlist.txt   5.79KB   173 downloads file. Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#6
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

when I click on that fixlist I get this

 

CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoCDBurning] 0
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => ftp=192.168.0.1:23;http=192.168.0.1:80
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20150405&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 adfs; no ImagePath
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Milisa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At2.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At3.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At4.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At5.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At6.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At7.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At8.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15D5AA51 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [220]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD [149]
AlternateDataStreams: C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd:{4c8cc155-6c1e-
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:

 

 

It only let me save it to notebook.


  • 0

#7
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

This is what keeps popping up before the computer freezes

 

A script on this page may be busy, or it may have stopped responding. You can stop the script now, open the script in the debugger, or let the script continue.

Script: https://s-passets-cache-ak0.pi…js/external-core-1-c54ae669.js:1

 

This happens every time now on pinterest. Then my computer freezes. Sometimes on other sites, but always on pinterest now. Also, I don't have a 64 I have a 32 and that's what I downloaded. FRST


  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Try the fix this way,

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoCDBurning] 0
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => ftp=192.168.0.1:23;http=192.168.0.1:80
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20150405&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google 
Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 adfs; no ImagePath
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Milisa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At2.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At3.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At4.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At5.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At6.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At7.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At8.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15D5AA51 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [220]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD [149]
AlternateDataStreams: C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd:{4c8cc155-6c1e-
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Please reset any browser that you're using see link below to do that:
http://www.howtogeek...fault-settings/
  • 0

#9
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Fix result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Milisa (2016-05-10 19:28:23) Run:2
Running from C:\Documents and Settings\Milisa\Desktop
Loaded Profiles: Milisa (Available Profiles: Milisa & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoCDBurning] 0
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyServer: [.DEFAULT] => ftp=192.168.0.1:23;http=192.168.0.1:80
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US0D20150405&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google
Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2814364803-843946100-1677762924-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
S4 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [X]
S2 adfs; no ImagePath
S3 BCMH43XX; system32\DRIVERS\bcmwlhigh5.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\Milisa\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S3 NPF; system32\DRIVERS\npf.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
Task: C:\WINDOWS\Tasks\At1.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At2.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At3.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At4.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At5.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At6.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At7.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\At8.job => C:\Documents and Settings\All Users\Application Data\iolo\SCU\scuststr.lnk
Task: C:\WINDOWS\Tasks\ParetoLogic Registration3.job => C:\WINDOWS\system32\rundll32.exeAC:\Program Files\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => C:\Program Files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:15D5AA51 [124]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [220]
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD [149]
AlternateDataStreams: C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd:{4c8cc155-6c1e-
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoCDBurning => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} => value not found.
HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Main\\Search Bar => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => key not found.
HKCR\CLSID\{A25AC313-DD19-4238-ACA2-401D6BEE4321} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} => key not found.
HKCR\CLSID\{55BF085E-B9D8-4A5A-A701-9B6A3A79C28D} => key not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKCR\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => key not found.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Toolbar\GoogleToolbar_32.dll No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2814364803-843946100-1677762924-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
getPlusHelper => service not found.
adfs => service not found.
BCMH43XX => service not found.
cpuz134 => service not found.
NPF => service not found.
pccsmcfd => service not found.
ScsiPort => service not found.
TlntSvr => service not found.
wanatw => service not found.
"C:\Windows\Tasks\At1.job" => not found.
"C:\Windows\Tasks\At2.job" => not found.
"C:\Windows\Tasks\At3.job" => not found.
"C:\Windows\Tasks\At4.job" => not found.
"C:\Windows\Tasks\At5.job" => not found.
"C:\Windows\Tasks\At6.job" => not found.
"C:\Windows\Tasks\At7.job" => not found.
"C:\Windows\Tasks\At8.job" => not found.
C:\WINDOWS\Tasks\At1.job => not found.
C:\WINDOWS\Tasks\At2.job => not found.
C:\WINDOWS\Tasks\At3.job => not found.
C:\WINDOWS\Tasks\At4.job => not found.
C:\WINDOWS\Tasks\At5.job => not found.
C:\WINDOWS\Tasks\At6.job => not found.
C:\WINDOWS\Tasks\At7.job => not found.
C:\WINDOWS\Tasks\At8.job => not found.
C:\WINDOWS\Tasks\ParetoLogic Registration3.job => not found.
C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job => not found.
C:\WINDOWS\Tasks\ParetoLogic Update Version3.job => not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":15D5AA51" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":DFC5A2B2" ADS not found.
"C:\Documents and Settings\All Users\Application Data\TEMP" => ":F35A93AD" ADS not found.
"C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd" => "AlternateDataStreams: C:\Documents and Settings\Milisa\My Documents\Files named ablog jemima and hitler .fnd:{4c8cc155-6c1e-" ADS not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => key not found.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => key not found.

=========  bitsadmin /reset /allusers =========

'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => 150.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:29:52 ====


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
That looks good

Have you reset your browsers

http://www.howtogeek...fault-settings/
  • 0

Advertisements


#11
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Yes, I reset browser. I have done everything and still I can't click on more than 3 pictures on pinterest and the stop script issue comes up that I copied and pasted in an earlier email. It gives me three choices; stop script, continue or debug and none of those three do anything but freeze up my computer and cause me to have to go off line and come back on and start over. 

 

Also, is mozilla firefox the best browser? Because they are a pain in the [bleep]. What about Tor and tails?


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
The best browser is the browser that works for you, there is no best browser so to speak.

I'd like to run one more scan and it takes a long time, start it when your done with the computer for the day and lets see what it shows.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
NOTE: In some instances if no malware is found there will be no log produced.
  • 0

#13
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Oh boy, I've done something wrong. I'll try again. I never saw the option to save. But it only had one virus name and it was 32bit.  


  • 0

#14
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

It won't let me do it again. Sorry.


  • 0

#15
Pearlcatdesign

Pearlcatdesign

    Member

  • Topic Starter
  • Member
  • PipPip
  • 80 posts

Okay, I just downloaded something called YesScript blacklist and so far it seems to be working.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP