Error on process

error xp cannot acces


#1
Gasol


Hello again.

I discovered another problem with my XP.

When I use a program for indexing books, this message sometimes appears: ERROR: Cannot open file "C:\DOCUME~1\B\Locals\Temp\xx.html". The process cannot access the file because it is being used by another process.

It ruins the database because I can't access that input.

Please tell me how I can fix this problem.

Thank you!


  • 0



#2
RKinner


See if you can find out what is using the file:

http://www.techsuppo...-using-file.htm

Obvious possibilities are your anti-virus or your backup software or perhaps your browser.


  • 0

#3
Gasol


I selected the target icon and dragged and dropped it on the window with the problem.

It highlighted the program itself, but nothing more.

I don't know how to fix it.

Maybe if I kill that process, the program will close.


  • 0

#4
RKinner


Try the second option using Ctrl + F


  • 0

#5
Gasol


Hm...

I double-clicked procexp.exe again and... my computer restarted. Strange.

I tried again and used Ctrl + F, but it can't find what I typed.

I saw that the .html error is changing. It had another name and was in another place.

Maybe it is a bug, I don't know.


  • 0

#6
RKinner

 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    • 0

    #7
    Gasol


    Must I run AdwCleaner or Junkware Removal Tool first?


    Edited by Gasol, 04 July 2016 - 12:00 PM.

    • 0

    #8
    RKinner


    Run ADWCleaner first then JRT. When done create a Process Explorer log as follows:

    Run Process Explorer then:
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures

    Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a full minute then:

    File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

    • 0

    #9
    Gasol


    Here are the reports:

     

    AdwCleaner:

    # AdwCleaner v5.201 - Logfile created 04/07/2016 at 21:15:54
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-04.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 2 (X86)
    # Username : Bogdanian - ACASA
    # Running from : E:\AdwCleaner.exe
    # Option : Clean
    # Support : https://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : ProtectMonitor
    [-] Service Deleted : YahooAUService

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [-] Folder Deleted : C:\Program Files\Mobogenie
    [-] Folder Deleted : C:\Program Files\PCDApp
    [-] Folder Deleted : C:\Program Files\WinZipper
    [-] Folder Deleted : C:\Program Files\Yahoo!\Companion

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files\Yahoo!\Common\unyt.exe

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\yt.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
    [-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\myway.com
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ieplugin.JQSIEStartDetectorImpl.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.BrowserHandler.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Sample.YTBPartnerSample.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.CacheLoader.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.Clickstream.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YTHelper.2
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand
    [-] Key Deleted : HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoSearchAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBAutoUpdaterAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBGeneralAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant
    [-] Key Deleted : HKLM\SOFTWARE\Classes\ytbbroker.YTBSingleInstanceAssistant.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [-] Key Deleted : HKCU\Software\Conduit
    [-] Key Deleted : HKCU\Software\Softonic
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\hdcode
    [-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
    [-] Key Deleted : HKLM\SOFTWARE\winzipersvc
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\YourFileDownloader
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCData App
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PCData App
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
    [-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\UpdateChecker
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\QtypeSvc
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WebCakeUpdaterService
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [13345 bytes] - [04/07/2016 21:15:54]
    C:\AdwCleaner\AdwCleaner[R0].txt - [10706 bytes] - [23/08/2013 19:14:38]
    C:\AdwCleaner\AdwCleaner[R1].txt - [907 bytes] - [23/08/2013 19:20:06]
    C:\AdwCleaner\AdwCleaner[R2].txt - [1025 bytes] - [24/08/2013 14:20:05]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1086 bytes] - [10/09/2013 18:58:43]
    C:\AdwCleaner\AdwCleaner[S0].txt - [8618 bytes] - [23/08/2013 19:16:28]
    C:\AdwCleaner\AdwCleaner[S1].txt - [14316 bytes] - [23/08/2013 19:21:08]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1148 bytes] - [10/09/2013 18:59:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13931 bytes] ##########

     

     

    JRT:

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Microsoft Windows XP x86
    Ran by Bogdanian (Administrator) on 04.07.2016 at 21:21:50,84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 18

    Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\tuneup utilities 2014 (Folder)
    Successfully deleted: C:\Documents and Settings\All Users\Start Menu\Programs\tuneup utilities 2014.lnk (Shortcut)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Application Data\Microsoft\Internet Explorer\Quick Launch\tuneup utilities 2014.lnk (Shortcut)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Application Data\visi_coupon (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Application Data\yahoocouponaddon (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Application Data\yourfiledownloader (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Local Settings\Application Data\genienext (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Local Settings\Application Data\innovative solutions (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\Local Settings\Application Data\mobogenie (Folder)
    Successfully deleted: C:\Documents and Settings\Bogdanian\My Documents\add-in express (Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4R27IBW9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XQXS5MJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6XO5OPGB (Temporary Internet Files Folder)
    Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\EVGNI7EN (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R27IBW9 (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4XQXS5MJ (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6XO5OPGB (Temporary Internet Files Folder)
    Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EVGNI7EN (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 04.07.2016 at 21:24:52,64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     


    • 0

    #10
    Gasol


    Now here is the Process Explorer:

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    96.88    0 K    16 K    0            
    procexp.exe    1.56    25.104 K    32.152 K    1448    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    firefox.exe    1.56    239.528 K    234.576 K    2780    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    Interrupts    < 0.01    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    wmiprvse.exe        2.304 K    5.968 K    2212    WMI    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    wmiprvse.exe        2.220 K    4.456 K    2160    WMI    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    winlogon.exe        6.188 K    2.988 K    1380    Windows NT Logon Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    unsecapp.exe        1.220 K    4.000 K    2068    WMI    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    System        0 K    248 K    4            
    svchost.exe        14.052 K    22.800 K    1988    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        2.320 K    3.884 K    1200    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        1.684 K    3.936 K    1812    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        3.000 K    4.760 K    1712    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        2.212 K    3.068 K    2032    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        1.196 K    3.036 K    364    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    svchost.exe        1.332 K    3.524 K    484    Generic Host Process for Win32 Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    spoolsv.exe        3.056 K    4.524 K    924    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    smss.exe        164 K    372 K    980    Windows NT Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    services.exe        1.728 K    3.352 K    1456    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    notepad.exe        888 K    3.012 K    4024    Notepad    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    lsass.exe        7.044 K    9.524 K    1468    LSA Shell (Export Version)    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    explorer.exe        23.132 K    31.160 K    2140    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    csrss.exe        1.668 K    3.688 K    1228    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
    avastui.exe        26.660 K    18.016 K    3440    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
    AvastSvc.exe        81.564 K    42.636 K    632    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
    alg.exe        1.060 K    3.256 K    500    Application Layer Gateway Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
     


    • 0
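The Verified Signer check that the Process Explorer log above supports, as an added example (not code from the thread or from Sysinternals). It assumes the saved file is tab-separated with the header row shown in the log; the `indexer.exe` and second `lsass.exe` rows and the `WINDOWS_NAMES` list are constructed for illustration.

```python
import csv
import io

HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]

# Rows in the layout of the log posted in the thread; the last two are constructed.
SAMPLE_ROWS = [
    ["System Idle Process", "96.88", "0 K", "16 K", "0", "", "", ""],
    ["procexp.exe", "1.56", "25.104 K", "32.152 K", "1448",
     "Sysinternals Process Explorer", "Sysinternals - www.sysinternals.com",
     "(Verified) Microsoft Corporation"],
    ["Interrupts", "< 0.01", "0 K", "0 K", "n/a",
     "Hardware Interrupts and DPCs", "", ""],
    ["svchost.exe", "", "14.052 K", "22.800 K", "1988",
     "Generic Host Process for Win32 Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows Publisher"],
    ["AvastSvc.exe", "", "81.564 K", "42.636 K", "632",
     "avast! Service", "AVAST Software", "(Verified) AVAST Software a.s."],
    # Constructed: an image with no signer recorded.
    ["indexer.exe", "", "4.120 K", "6.300 K", "3120", "", "", ""],
    # Constructed: a Windows process name signed by an unrelated publisher.
    ["lsass.exe", "", "2.000 K", "3.000 K", "3344",
     "LSA Shell", "Example Software Ltd", "(Verified) Example Software Ltd"],
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in [HEADER] + SAMPLE_ROWS)

# Entries with no image file on disk; Process Explorer lists no signer for them.
PSEUDO_PROCESSES = {"system idle process", "system", "interrupts"}

# Assumed short list of core Windows image names (all appear in the thread's log).
WINDOWS_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "explorer.exe"}


def parse_log(text):
    """Parse a saved Process Explorer listing into a list of dicts."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE, restval="")
    return [{k: (v or "").strip() for k, v in row.items() if k}
            for row in reader]


def signer_state(cell):
    """Split a 'Verified Signer' cell into (verified, publisher)."""
    prefix = "(Verified)"
    if cell.startswith(prefix):
        return True, cell[len(prefix):].strip()
    return False, cell


def review(text):
    """Return (pid, process, reason) for every row worth a closer look."""
    rows = [r for r in parse_log(text)
            if r.get("Process", "").lower() not in PSEUDO_PROCESSES]
    # If no row carries signer text, signature checking was never switched on,
    # so an empty column says nothing about the images themselves.
    if rows and not any(r.get("Verified Signer") for r in rows):
        raise ValueError("no signer data: enable Options > Verify Image "
                         "Signatures before saving the log")
    findings = []
    for r in rows:
        name = r["Process"]
        verified, publisher = signer_state(r.get("Verified Signer", ""))
        if not verified:
            # A prompt to inspect the file, not proof that it is malicious.
            reason = "no verified signer"
        elif name.lower() in WINDOWS_NAMES and "microsoft" not in publisher.lower():
            reason = f"Windows process name signed by {publisher}"
        else:
            continue
        findings.append((r["PID"], name, reason))
    return findings


if __name__ == "__main__":
    for pid, name, reason in review(SAMPLE_LOG):
        print(f"{pid:>6}  {name:<16} {reason}")
```
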



    #11
    RKinner


    Looks like you needed AdwCleaner.  Don't know if it will help your problem but you did have some adware.

     

    Process Explorer log looks really good.

     

    Let's look at your event logs:

    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.

    (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

    Get the free version of Speccy:

    http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
    Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)
     
     
     

    • 0

    #12
    Gasol


    Event Viewer tool.

    PS: After the first log (for System), the PC restarted. After that, when I selected Application, Event Viewer gave an error (something like error 70 line), but then it worked. Here are the two logs, and the Speccy file is attached.

     

    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 04/07/2016 22:25:31

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 04/07/2016 22:23:22
    Type: error Category: 0
    Event: 36876 Source: Schannel
    The certificate received from the remote server has not validated correctly. The error code is 0x80096004. The SSL connection request has failed. The attached data contains the server certificate.

    Log: 'System' Date/Time: 04/07/2016 21:21:59
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:21:58
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:21:58
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:21:58
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:21:58
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:21:58
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:18:53
    Type: error Category: 0
    Event: 36876 Source: Schannel
    The certificate received from the remote server has not validated correctly. The error code is 0x80096004. The SSL connection request has failed. The attached data contains the server certificate.

    Log: 'System' Date/Time: 04/07/2016 21:16:53
    Type: error Category: 0
    Event: 7000 Source: Service Control Manager
    The Print Spooler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.  

    Log: 'System' Date/Time: 04/07/2016 21:16:53
    Type: error Category: 0
    Event: 7009 Source: Service Control Manager
    Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.

    Log: 'System' Date/Time: 04/07/2016 21:15:54
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:54
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:53
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:53
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:53
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:53
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The Creative Service for CDROM Access service terminated unexpectedly.  It has done this 1 time(s).

    Log: 'System' Date/Time: 04/07/2016 21:15:53
    Type: error Category: 0
    Event: 7031 Source: Service Control Manager
    The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Log: 'System' Date/Time: 04/07/2016 21:10:45
    Type: error Category: 0
    Event: 7034 Source: Service Control Manager
    The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 04/07/2016 21:06:30
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 03/07/2016 22:03:35
    Type: warning Category: 2
    Event: 57 Source: Ftdisk
    The system failed to flush data to the transaction log. Corruption may occur.

    Log: 'System' Date/Time: 03/07/2016 21:57:43
    Type: warning Category: 2
    Event: 57 Source: Ftdisk
    The system failed to flush data to the transaction log. Corruption may occur.

    Log: 'System' Date/Time: 03/07/2016 21:00:25
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 03/07/2016 02:43:34
    Type: warning Category: 0
    Event: 36 Source: W32Time
    The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

    Log: 'System' Date/Time: 02/07/2016 20:54:50
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 02/07/2016 19:27:32
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 02/07/2016 17:42:33
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 01/07/2016 20:47:05
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 01/07/2016 20:13:49
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 30/06/2016 20:41:49
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 29/06/2016 21:22:36
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 29/06/2016 20:35:30
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 28/06/2016 20:30:28
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 27/06/2016 21:54:06
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 27/06/2016 19:05:27
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 27/06/2016 03:58:47
    Type: warning Category: 2
    Event: 57 Source: Ftdisk
    The system failed to flush data to the transaction log. Corruption may occur.

    Log: 'System' Date/Time: 26/06/2016 19:04:37
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 26/06/2016 16:49:23
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Log: 'System' Date/Time: 26/06/2016 01:55:02
    Type: warning Category: 0
    Event: 4226 Source: Tcpip
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
     

     

     

    ************************************************************************************************************************************************************
    Vino's Event Viewer v01c run on Windows XP in English
    Report run at 04/07/2016 22:32:22

    Note: All dates below are in the format dd/mm/yyyy

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 28/06/2016 23:41:51
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.

    Log: 'Application' Date/Time: 24/06/2016 21:25:54
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.

    Log: 'Application' Date/Time: 24/06/2016 21:25:50
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.

    Log: 'Application' Date/Time: 15/06/2016 23:30:02
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 15/06/2016 23:16:24
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x053cd2c8.

    Log: 'Application' Date/Time: 14/06/2016 21:59:41
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0bdf05cf.

    Log: 'Application' Date/Time: 12/06/2016 18:47:35
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application iexplore.exe, version 8.0.6001.18702, faulting module sopadv.dll, version 3.1.0.0, fault address 0x000051a9.

    Log: 'Application' Date/Time: 10/06/2016 19:31:22
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application plugin-container.exe, version 46.0.1.5966, faulting module mozglue.dll, version 46.0.1.5966, fault address 0x0000efdc.

    Log: 'Application' Date/Time: 24/05/2016 02:25:14
    Type: error Category: 100
    Event: 1000 Source: Application Error
    Faulting application TUAutoUpdateCheck.exe, version 14.0.1000.296, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Log: 'Application' Date/Time: 23/05/2016 20:59:42
    Type: error Category: 0
    Event: 1000 Source: Application Error
    Faulting application plugin-container.exe, version 46.0.1.5966, faulting module mozglue.dll, version 46.0.1.5966, fault address 0x0000efdc.

    Log: 'Application' Date/Time: 20/05/2016 19:24:34
    Type: error Category: 100
    Event: 1000 Source: Application Error
    Faulting application TUAutoUpdateCheck.exe, version 14.0.1000.296, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Log: 'Application' Date/Time: 17/05/2016 23:39:09
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application SopCast.exe, version 3.5.0.309, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 17/05/2016 23:35:26
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application SopCast.exe, version 3.5.0.309, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Log: 'Application' Date/Time: 04/05/2016 18:43:04
    Type: error Category: 100
    Event: 1004 Source: Application Error
    Faulting application TUAutoUpdateCheck.exe, version 14.0.1000.296, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Log: 'Application' Date/Time: 04/05/2016 11:25:22
    Type: error Category: 100
    Event: 1000 Source: Application Error
    Faulting application TUAutoUpdateCheck.exe, version 14.0.1000.296, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

    Log: 'Application' Date/Time: 30/04/2016 23:29:05
    Type: error Category: 101
    Event: 1002 Source: Application Hang
    Hanging application IMosaic.exe, version 1.0.2933.34287, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 04/07/2016 04:59:05
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 04/07/2016 04:52:13
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 03/07/2016 04:13:12
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 02/07/2016 03:57:27
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 01/07/2016 12:19:31
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 01/07/2016 04:00:24
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 30/06/2016 02:24:18
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 28/06/2016 11:33:04
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 27/06/2016 11:41:42
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 24/06/2016 01:50:34
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 24/06/2016 01:49:24
    Type: warning Category: 0
    Event: 1524 Source: Userenv
    Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.     

    Log: 'Application' Date/Time: 23/06/2016 11:39:55
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 23/06/2016 04:00:27
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 22/06/2016 19:17:03
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 22/06/2016 10:53:46
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 22/06/2016 03:16:11
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 21/06/2016 11:50:17
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 21/06/2016 03:15:41
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 20/06/2016 11:51:05
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Log: 'Application' Date/Time: 18/06/2016 16:34:55
    Type: warning Category: 0
    Event: 1517 Source: Userenv
    Windows saved user ACASA\Bogdanian registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
     

     

     

     

     


    #13
    RKinner


      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I'm going to have this moved to the malware forum.  I want to run FRST and I'm not supposed to do that except in the malware forum.

     

     
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Make sure the Addition.txt box is checked.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • It will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #14
    Gasol


      Member

    • Topic Starter
    • Member
    • 153 posts

    Hmmm... Updatus User? What is this?

    PS: I have some important .txt, .doc or .xls files. I don't want to lose them.

     

    Here are the results:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2016
    Ran by Bogdanian (administrator) on ACASA (05-07-2016 00:04:47)
    Running from C:\Documents and Settings\Bogdanian\Desktop
    Loaded Profiles: Bogdanian & UpdatusUser (Available Profiles: Bogdanian & UpdatusUser)
    Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Creative Technology Ltd) C:\WINDOWS\system32\CTSVCCDA.EXE
    (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
    (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
    (TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
    (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2000-01-01] ()
    HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
    HKU\S-1-5-21-1214440339-308236825-682003330-1003\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-1214440339-308236825-682003330-1003\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-1214440339-308236825-682003330-1003\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-1214440339-308236825-682003330-1003\...\MountPoints2: K - K:\Autorun.exe
    IFEO\yahoomessenger.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-26] (AVAST Software)
    BootExecute: autocheck autochk * eautocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 95.77.94.88 78.96.7.88
    Tcpip\..\Interfaces\{A88D0840-2D22-42BA-9327-A7A8CF463606}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A88D0840-2D22-42BA-9327-A7A8CF463606}: [DhcpNameServer] 95.77.94.88 78.96.7.88

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.geocities.com/netpocalypse/index.html
    HKU\S-1-5-21-1214440339-308236825-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: [S-1-5-21-1214440339-308236825-682003330-1005] ATTENTION => Default URLSearchHook is missing
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-08] (Sun Microsystems, Inc.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-26] (AVAST Software)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-08] (Sun Microsystems, Inc.)
    BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-09-08] (Sun Microsystems, Inc.)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\Bogdanian\Application Data\Mozilla\Firefox\Profiles\prsknhop.default-1431867247000
    FF Homepage: hxxp://google.com/
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-24] ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1223183.dll [2015-12-22] (Adobe Systems, Inc.)
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-08] (Sun Microsystems, Inc.)
    FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)
    FF Extension: YouTube ALL HTML5 - C:\Documents and Settings\Bogdanian\Application Data\Mozilla\Firefox\Profiles\prsknhop.default-1431867247000\Extensions\jid1-qj0w91o64N7Eeg@jetpack.xpi [2016-02-05]
    FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
    FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012-09-08] [not signed]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-01-04] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-27]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-27]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-26]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-26]
    CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path\update_url>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-09-16] (Adobe Systems) [File not signed]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-26] (AVAST Software)
    R2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
    R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2012-09-08] (Sun Microsystems, Inc.)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [315392 2002-01-05] (Microsoft Corporation) [File not signed]
    S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [146888 2016-06-13] (Mozilla Foundation) [File not signed]
    R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-02-26] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-03-22] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-03-09] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-02-26] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-02-26] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [816304 2016-03-09] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [447848 2016-02-26] (AVAST Software)
    R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [171608 2016-02-26] (AVAST Software)
    S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67088 2016-02-26] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [221240 2016-02-26] (AVAST Software)
    R0 d347bus; C:\WINDOWS\System32\DRIVERS\d347bus.sys [155136 2004-08-22] ( ) [File not signed]
    R0 d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [5248 2004-08-22] ( ) [File not signed]
    R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
    R3 HdAudAddService; C:\WINDOWS\System32\drivers\HdAudio.sys [145920 2005-01-07] (Windows ® Server 2003 DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
    R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
    R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2012-07-05] (Padus, Inc.) [File not signed]
    S3 ptun0901; C:\WINDOWS\System32\DRIVERS\ptun0901.sys [35288 2014-03-10] (The OpenVPN Project)
    R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [11973 2012-10-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
    R0 speedfan; C:\WINDOWS\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
    R1 SSHDRV65; C:\WINDOWS\system32\drivers\SSHDRV65.sys [120320 2013-06-21] () [File not signed]
    R3 stdriver; C:\WINDOWS\System32\DRIVERS\stdriverx86.sys [44624 2014-12-20] ()
    S3 tap0901; C:\WINDOWS\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
    R3 taphss; C:\WINDOWS\System32\DRIVERS\taphss.sys [33512 2015-12-15] (AnchorFree Inc)
    R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
    S4 IntelIde; no ImagePath
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S3 SASPROT; \??\C:\Program Files\Systweak AntiSpyware\sasprot.sys [X]
    U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-05 00:04 - 2016-07-05 00:05 - 00013057 _____ C:\Documents and Settings\Bogdanian\Desktop\FRST.txt
    2016-07-05 00:04 - 2016-07-05 00:04 - 00000000 ____D C:\FRST
    2016-07-05 00:03 - 2016-07-05 00:03 - 01740288 _____ (Farbar) C:\Documents and Settings\Bogdanian\Desktop\FRST.exe
    2016-07-04 22:39 - 2016-07-04 22:45 - 00051176 _____ C:\Speccy log.txt
    2016-07-04 22:37 - 2016-07-04 22:37 - 00000654 _____ C:\Documents and Settings\All Users\Desktop\Speccy.lnk
    2016-07-04 22:37 - 2016-07-04 22:37 - 00000000 ____D C:\Program Files\Speccy
    2016-07-04 22:37 - 2016-07-04 22:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Speccy
    2016-07-04 22:35 - 2016-07-04 22:35 - 00014231 _____ C:\VEW2.txt
    2016-07-04 22:29 - 2016-07-04 22:29 - 00008531 _____ C:\VEW1.txt
    2016-07-04 22:25 - 2016-07-04 22:32 - 00015418 _____ C:\VEW.txt
    2016-07-04 22:23 - 2016-07-04 22:23 - 00061440 _____ ( ) C:\Documents and Settings\Bogdanian\Desktop\VEW.exe
    2016-07-04 21:34 - 2016-07-04 21:34 - 00002982 _____ C:\System Idle Process.txt
    2016-07-04 21:26 - 2016-07-04 21:26 - 00003066 _____ C:\JRT.txt
    2016-07-04 21:24 - 2016-07-04 21:24 - 00003066 _____ C:\Documents and Settings\Bogdanian\Desktop\JRT.txt
    2016-07-04 21:21 - 2016-07-04 21:21 - 00014011 _____ C:\AdwCleaner[C1].txt
    2016-07-04 18:35 - 2016-07-04 18:35 - 01270466 _____ C:\ProcessExplorer.zip
    2016-07-04 18:35 - 2016-07-04 18:35 - 00000000 ____D C:\ProcessExplorer
    2016-07-03 21:35 - 2016-07-03 21:36 - 00000000 ____D C:\Program Files\BookCAT
    2016-07-03 21:35 - 2016-07-03 21:35 - 00001528 _____ C:\Documents and Settings\All Users\Desktop\BookCAT.lnk
    2016-07-03 21:35 - 2016-07-03 21:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\BookCAT
    2016-07-03 01:00 - 2016-07-04 00:24 - 00053956 _____ C:\Documents and Settings\Bogdanian\Desktop\jo_Cosmina.txt
    2016-07-01 19:11 - 2016-07-03 17:13 - 00000077 _____ C:\Documents and Settings\Bogdanian\Desktop\Caltut Valentin adresa.txt
    2016-06-27 21:54 - 2016-06-27 21:54 - 00000036 _____ C:\Documents and Settings\Bogdanian\Desktop\adresa bucur obor.txt
    2016-06-26 16:42 - 2016-06-26 16:43 - 00000000 ____D C:\Documents and Settings\Bogdanian\Desktop\GrantPerms
    2016-06-26 16:41 - 2016-06-26 16:41 - 00453083 _____ C:\Documents and Settings\Bogdanian\Desktop\GrantPerms.zip
    2016-06-25 00:12 - 2016-07-03 00:59 - 00061349 _____ C:\Documents and Settings\Bogdanian\Desktop\hera.txt
    2016-06-24 18:37 - 2016-06-24 18:37 - 20019904 _____ (Adobe Systems Incorporated) C:\Documents and Settings\Bogdanian\My Documents\install_flash_player.exe
    2016-06-24 00:04 - 2016-06-24 00:04 - 00106496 _____ C:\WINDOWS\Minidump\Mini062416-01.dmp
    2016-06-13 21:17 - 2016-06-13 21:17 - 21027355 _____ C:\Documents and Settings\Bogdanian\Desktop\wetransfer-8bd6d5.zip
    2016-06-13 20:02 - 2016-07-04 23:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2016-06-13 00:26 - 2016-06-14 02:14 - 00019456 _____ C:\Documents and Settings\Bogdanian\My Documents\Juniori A1.xls
    2016-06-08 20:36 - 2016-06-08 20:36 - 00000215 _____ C:\Documents and Settings\Bogdanian\Desktop\Singureni Malu 0-2.txt

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-05 00:05 - 2012-07-04 21:22 - 00000000 ____D C:\Documents and Settings\Bogdanian\Local Settings\Temp
    2016-07-05 00:01 - 2001-08-23 17:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
    2016-07-04 23:13 - 2012-07-04 20:48 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-04 22:45 - 2015-04-10 23:41 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
    2016-07-04 22:44 - 2012-07-04 22:55 - 00000000 ____D C:\WINDOWS\security
    2016-07-04 22:26 - 2012-07-04 21:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-07-04 22:26 - 2012-07-04 20:48 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-04 21:22 - 2012-07-04 21:22 - 00000000 ___RD C:\Documents and Settings\Bogdanian\My Documents
    2016-07-04 21:21 - 2012-07-04 21:09 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
    2016-07-04 21:16 - 2015-03-13 20:17 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
    2016-07-04 21:16 - 2012-07-04 21:22 - 00000278 ___SH C:\Documents and Settings\Bogdanian\ntuser.ini
    2016-07-04 21:16 - 2012-07-04 21:21 - 00032554 _____ C:\WINDOWS\SchedLgU.Txt
    2016-07-04 21:15 - 2013-08-23 19:14 - 00000000 ____D C:\AdwCleaner
    2016-07-04 21:15 - 2012-07-04 22:37 - 00000000 ____D C:\Program Files\Yahoo!
    2016-07-04 21:02 - 2016-04-27 19:19 - 00000000 ____D C:\Documents and Settings\Bogdanian\Application Data\.purple
    2016-07-04 04:58 - 2012-07-04 21:22 - 00000000 ____D C:\Documents and Settings\Bogdanian
    2016-07-04 04:53 - 2014-05-25 00:55 - 00000000 ____D C:\WINDOWS\uninstall
    2016-07-04 02:01 - 2015-01-23 21:23 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-07-04 01:26 - 2012-07-05 16:56 - 00000000 ____D C:\Documents and Settings\Bogdanian\Local Settings\Application Data\ApplicationHistory
    2016-06-26 14:58 - 2012-07-04 21:32 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
    2016-06-24 19:21 - 2012-07-04 20:55 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-06-24 19:21 - 2012-07-04 20:55 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-06-24 18:36 - 2014-09-01 00:19 - 00000000 ____D C:\Documents and Settings\Bogdanian\Local Settings\Application Data\Adobe
    2016-06-24 00:04 - 2012-10-01 18:25 - 00000000 ____D C:\WINDOWS\Minidump
    2016-06-23 03:11 - 2012-07-04 21:22 - 00000000 ___RD C:\Documents and Settings\Bogdanian\My Documents\My Pictures
    2016-06-21 22:04 - 2016-05-24 22:30 - 00035066 _____ C:\Documents and Settings\Bogdanian\Desktop\Ariel.txt
    2016-06-21 19:23 - 2012-07-05 17:59 - 00000000 ____D C:\Documents and Settings\Bogdanian\Application Data\mIRC
    2016-06-21 19:21 - 2012-07-05 17:59 - 00000000 ____D C:\Program Files\mIRC
    2016-06-18 13:01 - 2012-11-22 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EA SPORTS
    2016-06-14 11:26 - 2015-08-28 23:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

    ==================== Files in the root of some directories =======

    2012-08-12 18:01 - 2012-08-12 18:05 - 0008063 _____ () C:\Documents and Settings\Bogdanian\Application Data\Swoosh.game
    2012-07-05 05:00 - 2016-05-03 00:33 - 0039424 _____ () C:\Documents and Settings\Bogdanian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-05 16:56 - 2012-07-05 16:56 - 0000132 _____ () C:\Documents and Settings\Bogdanian\Local Settings\Application Data\fusioncache.dat
    2013-02-03 04:45 - 2013-08-07 23:07 - 0000054 _____ () C:\Documents and Settings\Bogdanian\Local Settings\Application Data\info.ini
    2013-02-03 04:33 - 2013-02-03 04:33 - 0000741 _____ () C:\Documents and Settings\Bogdanian\Local Settings\Application Data\recently-used.xbel

    Some files in TEMP:
    ====================
    C:\Documents and Settings\Bogdanian\Local Settings\Temp\bassmod.dll
    C:\Documents and Settings\Bogdanian\Local Settings\Temp\libeay32.dll
    C:\Documents and Settings\Bogdanian\Local Settings\Temp\msvcr120.dll
    C:\Documents and Settings\Bogdanian\Local Settings\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-07-2016
    Ran by Bogdanian (2016-07-05 00:07:20)
    Running from C:\Documents and Settings\Bogdanian\Desktop
    Microsoft Windows XP Professional Service Pack 2 (X86) (2012-07-04 18:20:29)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1214440339-308236825-682003330-500 - Administrator - Enabled)
    ASPNET (S-1-5-21-1214440339-308236825-682003330-1006 - Limited - Enabled)
    Bogdanian (S-1-5-21-1214440339-308236825-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Bogdanian
    Guest (S-1-5-21-1214440339-308236825-682003330-501 - Limited - Disabled)
    HelpAssistant (S-1-5-21-1214440339-308236825-682003330-1000 - Limited - Disabled)
    SUPPORT_388945a0 (S-1-5-21-1214440339-308236825-682003330-1002 - Limited - Disabled)
    UpdatusUser (S-1-5-21-1214440339-308236825-682003330-1005 - Limited - Enabled) => %SystemDrive%\Documents and Settings\UpdatusUser

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ACDSee Pro (HKLM\...\{F99F74B4-972B-4B06-B893-6B3B0DB0128B}) (Version: 8.0.67 - ACD Systems Ltd.)
    Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
    Adobe Reader XI (11.0.01) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
    AGEIA PhysX v7.03.21 (HKLM\...\{85EBB283-65AF-4C53-9EBE-7C0A232762F7}) (Version: 7.03.21 - AGEIA Technologies, Inc.)
    AIDA64 Extreme Edition v2.50 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.50 - FinalWire Ltd.)
    Attribute Changer 6.20 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 6.20 - Romain Petges)
    Aurora SVG Viewer & Converter version 11.5 (HKLM\...\{086EADE2-99F8-40BB-AFB0-C9B950501AF5}_is1) (Version: 11.5 - Aurora3D, Inc.)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2253 - AVAST Software)
    Basketball Stat Manager 2.0 (HKLM\...\Basketball Stat Manager) (Version: 2.0 - Stat Manager)
    BookCAT (HKLM\...\BookCAT_is1) (Version:  - FNProgramvare)
    Carambis Driver Updater (HKLM\...\Driver Updater) (Version: 2.0.0.7613 - MEDIA FOG LTD)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
    Creative Software AutoUpdate (HKLM\...\Creative Software AutoUpdate) (Version:  - )
    Das Fussball Studio 8.5.2 (Beta) (HKLM\...\{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1) (Version: 8.5.2 - vmLOGIC - Volker Mallmann)
    DFS Map-Tool 1.0.4 (HKLM\...\{9C0A20E6-A9E1-44BE-8E3E-3E6529FCCC61}_is1) (Version: 1.0.4 - Harry Rechten)
    Easy MP3 Sound Recorder 2.01 (HKLM\...\{3E1ECEEC-814C-4B53-9E08-9B1F2FA83434}) (Version: 2.01.0000 - Shiyi Software Workroom)
    FIFA MANAGER 10 (HKLM\...\FIFA MANAGER 10) (Version: 2.0.0.6 - Electronic Arts)
    FormatFactory 2.96 (HKLM\...\FormatFactory) (Version: 2.96 - Free Time)
    Free Sound Recorder v9.4.1 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2012 FreeSoundRecorder Technologies, Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    Groove Games\Land Of The Dead (HKLM\...\LandOfTheDead) (Version:  - )
    High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
    IMosaic (HKLM\...\{89F72A6E-05C7-4066-BC80-3DBEDA4E8BF2}) (Version: 0.9.6 - IMosaic)
    Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
    LeaguePad (HKLM\...\LeaguePad4.5) (Version:  - )
    Ltrack 7.3 (HKLM\...\Ltrack_is1) (Version:  - Nigel Thomas)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2003 Romanian User Interface Pack (HKLM\...\{901E0418-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 (HKLM\...\Microsoft Report Viewer Redistributable 2008) (Version:  - Microsoft Corporation)
    Microsoft User-Mode Driver Framework Feature Pack 1.9 (HKLM\...\Wudf01009) (Version:  - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    mIRC (HKLM\...\mIRC) (Version: 7.25 - mIRC Co. Ltd.)
    Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
    MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
    MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
    MX vs ATV Unleashed (HKLM\...\{BBE18EBD-CD44-4C51-8BC5-577ECCCEC68F}) (Version: 1.00.0000 - THQ)
    MySQL Connector/ODBC 3.51 (HKLM\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
    NEF to JPG (HKLM\...\{13D87B39-2A3B-4675-A0D9-B8B01EA2F8E3}_is1) (Version:  - neftojpg.com)
    Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
    NSIS LHM2005 (remove only) (HKLM\...\LHM2005) (Version:  - )
    NSIS LHM2006 (remove only) (HKLM\...\LHM2006) (Version:  - )
    NVIDIA Graphics Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
    NVIDIA nView 136.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.27 - NVIDIA Corporation)
    NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
    Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
    PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
    PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
    Perfect Uninstaller v6.3.3.9 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
    PhotoScape (HKLM\...\PhotoScape) (Version:  - )
    Pidgin (HKLM\...\Pidgin) (Version: 2.10.12 - )
    Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.33 - Realtek Semiconductor Corp.)
    REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.23.0000 - Realtek)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.00.0000 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6013 - Realtek Semiconductor Corp.)
    RecordPad Sound Recorder (HKLM\...\Recordpad) (Version: 5.28 - NCH Software)
    Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
    SevenZip (HKLM\...\SevenZip) (Version: 9.20 - SevenZip)
    SopCast 3.5.0 (HKLM\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
    SoundTap Streaming Audio Recorder (HKLM\...\SoundTap) (Version: 2.31 - NCH Software)
    Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
    SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
    SPMT (HKLM\...\{097AE5D5-478A-4F29-A8D9-95575F0A0C00}) (Version: 2.6.0 - SPMT)
    Sport Tables 2.4 (HKLM\...\Sport Tables_is1) (Version:  - FN Systems, Ltd.)
    Sports Card Collector v5.1 (HKLM\...\Sports Card Collector v5.1) (Version:  - )
    SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52 (HKLM\...\{8F311E2E-C275-4CF0-8154-B63991832668}_is1) (Version: v2012.build.52 - eRightSoft)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Total Club Manager 2004 (HKLM\...\{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}) (Version:  - )
    Total Video Converter 3.21 090220 (HKLM\...\Total Video Converter 3.21_is1) (Version:  - EffectMatrix Inc.)
    TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.296 - TuneUp Software) Hidden
    TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
    TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
    Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
    Vector Magic (HKLM\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
    VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
    Windows Driver Package - Nokia Modem  (06/01/2009 4.1) (HKLM\...\E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84) (Version: 06/01/2009 4.1 - Nokia)
    Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
    Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
    Windows Installer 3.1 (KB893803) (HKLM\...\KB893803v2) (Version: 3.1 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
    Windows Media Player 10 (HKLM\...\Windows Media Player) (Version:  - )
    WinRAR 4.01 beta 1 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.1 - win.rar GmbH)
    Wizard Sports (HKU\S-1-5-21-1214440339-308236825-682003330-1003\...\Wizard Sports) (Version:  - )
    Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
    Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
    Yammy 0.7 (HKLM\...\Yammy) (Version: 0.7 - Pravin Paratey)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    Shortcut: C:\Documents and Settings\Bogdanian\Start Menu\Programs\SevenZip 9.20\Visit SevenZip website.lnk -> hxxp://www.sevenzip.info/ (No File)
    Shortcut: C:\Documents and Settings\Bogdanian\Start Menu\Programs\Basketball Stat Manager\Stat Manager Website.lnk -> hxxp://www.basketballstatmanager.com/ (No File)
    Shortcut: C:\Documents and Settings\Bogdanian\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html (No File)
    Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Super Hide IP\Help.lnk -> hxxp://client.superhideip.com/client/?PID=SHI&ACTION=help (No File)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-04-10 23:40 - 2016-02-26 23:44 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-04-10 23:40 - 2016-02-26 23:44 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-07-04 20:36 - 2016-07-04 20:36 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\16070401\algo.dll
    2016-04-14 19:19 - 2016-04-14 19:19 - 00509344 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2004-08-22 17:04 - 2004-08-22 17:04 - 00069120 _____ () C:\WINDOWS\daemon.dll
    2003-12-30 21:52 - 2003-12-30 21:52 - 00007168 _____ () C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll
    2015-04-10 23:40 - 2015-12-21 22:47 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2004-08-04 03:56 - 2004-08-04 03:56 - 01287680 _____ () C:\WINDOWS\system32\quartz.dll
    2016-06-24 18:38 - 2016-06-24 19:21 - 19455168 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720 [119]
    AlternateDataStreams: C:\Documents and Settings\Bogdanian\My Documents\8c283f0cbe825f93ca4fac16e2a6d414.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2001-08-23 17:00 - 2014-09-18 21:02 - 00000732 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1       localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1214440339-308236825-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Bogdanian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    HKU\S-1-5-21-1214440339-308236825-682003330-1005\Control Panel\Desktop\\Wallpaper -> (None)
    DNS Servers: 8.8.8.8 - 8.8.4.4
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^Documents and Settings^Bogdanian^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\WINDOWS\pss\Adobe Gamma.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: CreativeTaskScheduler => "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    StandardProfile\AuthorizedApplications: [C:\Program Files\mIRC\mirc.exe] => Enabled:mIRC
    StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
    StandardProfile\AuthorizedApplications: [E:\Yu-Gi-Oh! Trilogy\Yu-Gi-Oh! Joey the Passion\joey_pc.exe] => Enabled:joey_pc
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpnsvr.exe] => Enabled:Microsoft DirectPlay8 Server
    StandardProfile\AuthorizedApplications: [C:\Program Files\SopCast\SopCast.exe] => Enabled:SopCast Main Application
    StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
    DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
    DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
    DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
    DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
    StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
    StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
    StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
    StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ==================== Restore Points =========================

    27-06-2016 19:35:59 System Checkpoint
    29-06-2016 20:23:57 System Checkpoint
    01-07-2016 22:19:04 System Checkpoint
    02-07-2016 22:20:21 System Checkpoint
    04-07-2016 21:21:56 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============

    Name: Multimedia Audio Controller
    Description: Multimedia Audio Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/28/2016 11:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (06/24/2016 09:25:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (06/24/2016 09:25:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.
    Processing media-specific event for [plugin-container.exe!ws!]

    Error: (06/15/2016 11:30:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error: (06/15/2016 11:16:24 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x053cd2c8.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (06/14/2016 09:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0bdf05cf.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (06/12/2016 06:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module sopadv.dll, version 3.1.0.0, fault address 0x000051a9.
    Processing media-specific event for [iexplore.exe!ws!]

    Error: (06/10/2016 07:31:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application plugin-container.exe, version 46.0.1.5966, faulting module mozglue.dll, version 46.0.1.5966, fault address 0x0000efdc.
    Processing media-specific event for [plugin-container.exe!ws!]


    System errors:
    =============
    Error: (07/05/2016 12:03:04 AM) (Source: Schannel) (EventID: 4108) (User: )
    Description: The certificate received from the remote server has not validated correctly. The
    error code is 0x80096004. The SSL connection request has failed. The attached data contains
    the server certificate.

    Error: (07/04/2016 10:27:24 PM) (Source: Schannel) (EventID: 4108) (User: )
    Description: The certificate received from the remote server has not validated correctly. The
    error code is 0x80096004. The SSL connection request has failed. The attached data contains
    the server certificate.

    Error: (07/04/2016 10:25:36 PM) (Source: 0) (EventID: 15) (User: )
    Description: \Device\CdRom3

    Error: (07/04/2016 10:25:36 PM) (Source: 0) (EventID: 15) (User: )
    Description: \Device\CdRom2

    Error: (07/04/2016 10:25:36 PM) (Source: 0) (EventID: 15) (User: )
    Description: \Device\CdRom1

    Error: (07/04/2016 10:23:22 PM) (Source: Schannel) (EventID: 4108) (User: )
    Description: The certificate received from the remote server has not validated correctly. The
    error code is 0x80096004. The SSL connection request has failed. The attached data contains
    the server certificate.

    Error: (07/04/2016 09:21:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TuneUp Utilities Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (07/04/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

    Error: (07/04/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The NVIDIA Driver Helper Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (07/04/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).


    ==================== Memory info ===========================

    Processor:  Intel® Pentium® 4 CPU 3.20GHz
    Percentage of memory in use: 53%
    Total physical RAM: 2047.11 MB
    Available physical RAM: 947.68 MB
    Total Virtual: 3433.26 MB
    Available Virtual: 2541.69 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:19.53 GB) (Free:1.61 GB) NTFS ==>[drive with boot components (Windows XP)]
    Drive d: () (Fixed) (Total:68.36 GB) (Free:0.24 GB) NTFS
    Drive e: () (Fixed) (Total:68.36 GB) (Free:0.23 GB) NTFS
    Drive f: (filme) (Fixed) (Total:68.36 GB) (Free:2.57 GB) NTFS
    Drive g: () (Fixed) (Total:73.46 GB) (Free:0.32 GB) NTFS
    Drive j: (NHL 2005_CD2) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
    Drive k: (FIFA07) (CDROM) (Total:2.79 GB) (Free:0 GB) UDF
    Drive l: (USB DISK) (Removable) (Total:3.61 GB) (Free:0.04 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00D300D3)
    Partition 1: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=278.5 GB) - (Type=OF Extended)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 3.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=3.6 GB) - (Type=0C)

    ==================== End of Addition.txt ============================


    • 0

    #15
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    Hmmm... Updatus User? What is this?

    It's from Nvidia:  http://nvidia.custhe...updatususer’?

    I assume you are in Romania based on your DNS.  Is that correct?

    Appears you are missing the Intel Chipset Utility.

    You can download it from

    https://downloadcent.../download/20019

    It should help with these:

    Name: Multimedia Audio Controller
    Description: Multimedia Audio Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    After you install it and reboot:

    Right click on My Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.

    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java™ 6 Update 31
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

    Download the attached fixlist.txt to the same location as FRST.

    This is just to remove remnants of Java 6 and some deadwood.  It's just a text file so you can check it out first if you want.  It won't remove any of the files you are worried about.

    Run FRST and press Fix.
    A fix log will be generated; please post that.

    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

    Is there a reason you do not have SP3?  Normally running SP2 will cause a lot of problems and is a lot less secure.

    Start, Run, eventvwr.msc, OK to bring up the Event Viewer.  Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

    Reboot.

    Run VEW again as before for System and Applications:

    2. Double-click VEW.exe
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning

    Then use the 'Number of events' as follows:

    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.
    (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

    • 0
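As an added example (not part of the thread and not code from FRST or VEW), this Python snippet parses the "Event log errors" layout shown in the Addition.txt excerpt above and groups repeated entries, so recurring crashes and certificate failures stand out when comparing logs before and after the event logs are cleared. The function names are assumptions; the sample lines are copied from the log on this page.

```python
import re
from collections import Counter

# Lines copied from the Addition.txt excerpt in the post above.
SAMPLE = """\
Error: (06/28/2016 11:41:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.

Error: (06/24/2016 09:25:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad.

Error: (06/12/2016 06:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module sopadv.dll, version 3.1.0.0, fault address 0x000051a9.

System errors:
Error: (07/05/2016 12:03:04 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.
"""

HEADER = re.compile(r"^Error: \(([^)]*)\) \(Source: ([^)]*)\) \(EventID: (\d+)\)")
# Detail to group on: crashing application and module, or the reported error code.
DETAIL = re.compile(r"(?:Faulting|Hanging) application ([^,]+), version [^,]+, (?:faulting|hang) module ([^,]+),"
                    r"|error code is (0x[0-9A-Fa-f]+)")

def parse_events(text):
    """Return one dict per 'Error:' entry; wrapped description lines are joined."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            current = {"when": m[1], "source": m[2], "event_id": int(m[3]), "description": ""}
            events.append(current)
        elif not line:
            current = None              # a blank line ends the entry
        elif current is not None:       # continuation line; section titles are skipped
            line = re.sub(r"^Description: ", "", line)
            current["description"] = (current["description"] + " " + line).strip()
    return events

def summarize(events):
    """Count entries per (source, event id, detail), most frequent first."""
    counts = Counter()
    for ev in events:
        m = DETAIL.search(ev["description"])
        detail = " / ".join(g for g in m.groups() if g) if m else ""
        counts[(ev["source"], ev["event_id"], detail)] += 1
    return counts.most_common()
```

Calling `summarize(parse_events(SAMPLE))` puts the repeated plugin-container.exe / mozglue.dll crash first with a count of 2.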





