tqh

  1. I preface this by stating that I would never believe this could happen if someone else told me it happened. I have a laptop running Windows 10. Everyone knows how this OS forces you to do things you may otherwise want to wait to do later. The anniversary 1607 upgrade was set to run. I didn't realize this was akin to installing the OS, but this is irrelevant now. I quickly went and saved a number of files I had open and a notepad file had not been saved, so I quickly "saved as". So, once this upgrade and a ton of other updates completed, I went back to open a number of notepad files. The one that I saved last (the save as) did not have the content it had when I saved it. In fact, and this is the unbelievable part, it contained a draft of a thank you note I wrote a year ago. I didn't even have the computer w/ Windows 10 back then. I wrote it on another one of my laptops (let's call it W7), saved it, and NEVER opened it again. Nor did I ever email it as an attachment, put it on a flash, or otherwise transfer it. It was a hand-written thank you note. I have two theories that are equally absurd. The first I believe a little more than the second. I think when I "saved as" on the W10 machine, I named it the same as the year-old note I created on the W7 machine. Somehow the two computers "communicated" and the original file from W7 replaced the newer W10 file. The other theory is that I didn't save it as that name, but somehow the W10 machine "communicated" w/ the W7 machine and imported it. These are really, really ridiculous ideas, but the bottom line is that the content from the W7 machine was NEVER on the W10 machine. How could it possibly get there? Anytime I see something about allowing my computer to share with others, I disable it, but perhaps the W10 machine communicated with it. Any insight would be great. I am considering rolling back the version and hoping something even more ridiculous might happen. TIA
  2. I have a Windows 7 disk, would that work? You can install the OS without overwriting data, correct? Also, will it wipe out things like installed printer software? Thanks.
  3. It ran a long and short test by default. What do you think happened? Is it possible to plug this hard drive into a newer or older machine to recover the data? I have most of the stuff on there backed up. I actually can't think of anything on there that I don't have on another device, but want to make sure. I also don't have an XP disc. This computer is pretty old. Thanks
  4. Was able to successfully run memtest86+. Showed no errors, but only ran it once. Ran the hard drive test and found no errors as well. Had trouble finding the right one, but was able to get the boot cd running and found no errors. Since I can't run anything in windows, should I run any other tests? Let me say this, the only way I get the BSOD is if I run windows recovery console. Otherwise, it just keeps cycling as if it is going to boot properly, but never does. I appreciate the help. EDIT: Just noticed that the log states, not able to get smart data. Before that it states, smart is supported but is disabled.
  5. Thanks for the reply. I am going to work on this problem now and hopefully get back to you tonight.
  6. Hello MB Forum, I recently hit my power supply on/off switch (accidentally) on my machine running Windows XP. When I tried to reboot, I encountered a screen I have never seen before. It was similar to the screen encountered when booting in safe mode, but this one included "return to previous configuration" or something like that. I am using another computer to post and don't want to try and reboot the problematic machine. It kept cycling back and forth between this screen and the regular boot process. Finally, I got a BSOD and then decided I might want to stop and post on this forum. Is there something I can do to get a proper boot? I tried hitting F8 and running in safe mode - that didn't work. Nothing works. Please advise. Thanks in advance!
  7. I'm trying to get around to work on this. Please excuse my delay.
  8. Yes, it appears to be quite stable. No crashes since the post I last mentioned them. Thanks for that. I wish I understood what you did, but I guess there is no need. Did you just disable that daemon "file/exe" from starting at startup? So, I could manually start it up if I needed to in the future. Thanks for all your patience and help! Edit - right after I posted this FF crashed. So buggy. I was typing a response in gmail if that helps. Only had one tab opened. Crashes seem more likely when a lot of tabs are open.
  9. That made a noticeable difference just on startup. Previously, it might take a minute to open FF after logging on. Here is the requested log:

     Fix result of Farbar Recovery Scan Tool (x86) Version: 05-12-2016
     Ran by poi (05-12-2016 17:20:09) Run:1
     Running from C:\Documents and Settings\poi\Desktop
     Loaded Profiles: poi & UpdatusUser (Available Profiles: az & poi & ewq & UpdatusUser & Administrator)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Start
     CreateRestorePoint:
     CloseProcesses:
     HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [716272 2008-08-15] () [File not signed]
     C:\WINDOWS\System32\Drivers\sptd.sys
     S3 catchme; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\catchme.sys [X]
     S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
     S3 hSONYPVh; \??\C:\DOCUME~1\poi\LOCALS~1\Temp\hSONYPVh.sys [X]
     S4 IntelIde; no ImagePath
     Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe <==== ATTENTION
     EmptyTemp:
     end
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon => value removed successfully.
     sptd => Unable to stop service.
     sptd => service could not remove
     C:\WINDOWS\System32\Drivers\sptd.sys => moved successfully
     catchme => service removed successfully.
     gdrv => service removed successfully.
     hSONYPVh => service removed successfully.
     IntelIde => service removed successfully.
     C:\WINDOWS\Tasks\WGASetup.job => moved successfully

     =========== EmptyTemp: ==========
     BITS transfer queue => 9723 B
     DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 94657 B
     Java, Flash, Steam htmlcache => 148905015 B
     Windows/system/dllcache/drivers => 4479707 B
     Edge => 0 B
     Chrome => 0 B
     Firefox => 183065701 B
     Opera => 0 B

     Temp, IE cache, history, cookies, recent:
     Documents and Settings => 0 B
     Default User => 16677 B
     All Users => 0 B
     systemprofile => 115778 B
     LocalService => 840 B
     NetworkService => 66164 B
     az => 255065 B
     poi => 319359642 B
     ewq => 213435 B
     UpdatusUser => 16677 B
     UpdatusUser => 0 B
     Administrator => 33061 B
     RecycleBin => 3426616 B
     EmptyTemp: => 629.5 MB temporary data Removed.
     ================================

     The system needed a reboot.

     ==== End of Fixlog 17:21:03 ====
  10. Sorry, couldn't get around to working on this yesterday. I went ahead and "cleaned" with ESET; no apology necessary, but thanks. Not sure what you mean regarding NvCplDaemon and adjusting the video card. I have to use the NVIDIA control panel to fit the screen to my television. I actually have problems getting games to fit the screen still. It cuts things off on the sides and top/bottom. But that may not have anything to do with Daemon. Here are the FRST and addition logs:
======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {7591db91-41f0-48a3-b128-1a293fd8233d} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Action Replay XBOX 1.31 (HKLM\...\Action Replay XBOX_is1) (Version: - Datel Design and Development) Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated) Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated) Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Alarm Clock v1.0 (HKLM\...\Alarm Clock_is1) (Version: - Moore Design Lmt.) ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.40103 - ATI Technologies Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software) Belkin 54g USB Network Adapter (HKLM\...\{38DFF723-C0B1-44AB-A927-62EDB033908F}) (Version: - ) Command & Conquer Red Alert 2 (HKLM\...\Red Alert 2) (Version: - ) Command & Conquer Tiberian Sun (HKLM\...\Tiberian Sun) (Version: - ) Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.) 
Deus Ex - Invisible War (HKLM\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - ) Deus Ex (HKLM\...\Deus Ex) (Version: - ) Deus Ex: Game of the Year Edition (HKLM\...\Steam App 6910) (Version: - Ion Storm) Deus Ex: Human Revolution - The Missing Link (HKLM\...\Steam App 201280) (Version: - Eidos Montreal) Deus Ex: Human Revolution (HKLM\...\Steam App 28050) (Version: - Eidos Montreal) Deus Ex: Revision (HKLM\...\Steam App 397550) (Version: - Ion Storm) Deus Ex: The Fall (HKLM\...\Steam App 258180) (Version: - Square Enix) DVD Flick (HKLM\...\DVD Flick_is1) (Version: 1.3.0.0 - ) DVD X Rescue (HKLM\...\DVD X Rescue) (Version: 2.1.0 - 321 Studios) <==== ATTENTION DVDXCopy Platinum 3.2.1 (HKLM\...\DVDXCopyPlatinum) (Version: - ) ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer) ffdshow [rev 3200] [2010-01-12] (HKLM\...\ffdshow_is1) (Version: 1.0.0.3200 - ) High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation) Hitman: Codename 47 (HKLM\...\Steam App 6900) (Version: - IO Interactive) HLM 7 for Windows (X86 Student) (HKLM\...\{1D85FF63-55A4-4891-8372-CD891FCA4EDE}) (Version: 7.01 - SSI, Inc.) 
HP DeskJet 710C Series (Remove only) (HKLM\...\HP DeskJet 710C Series) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 47.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation) MyProfessionalBusinessCards (HKLM\...\{D3440743-FCC9-4BFC-B630-4EFC0C1A8D44}) (Version: 4.0.0.0 - Elibrium, LLC) NTI Backup NOW! 3 (HKLM\...\InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}) (Version: 3.0.53 - NewTech Infosystems) NTI Backup NOW! 3 (Version: 3.0.53 - NewTech Infosystems) Hidden NTI DriveBackup! 3 (HKLM\...\InstallShield_{8FDD2A92-9F75-4706-B8C2-08499A9863E6}) (Version: 3.0 - NewTech Infosystems) NTI DriveBackup! 
3 (Version: 3.0 - NewTech Infosystems) Hidden NTI DVD Player (HKLM\...\{D31612BB-C6D7-4142-96AE-16DB062354CF}) (Version: - ArcSoft) NTI DVD-Maker (Version: 6 - NewTech Infosystems) Hidden NTI DVD-Maker Gold (HKLM\...\InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}) (Version: 6 - NewTech Infosystems) NTI HomeVideo-Maker (HKLM\...\{C7C2B282-DC3C-4837-9DFC-9E3D90DB2C44}) (Version: - ) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - ) NVIDIA Graphics Driver 280.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 280.26 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation) NVIDIA nForce Drivers (HKLM\...\NVIDIA nForce Drivers) (Version: - ) NVIDIA nView 135.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 135.94 - NVIDIA Corporation) NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Update 1.4.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.4.28 - NVIDIA Corporation) Panda USB Vaccine 1.0.1.4 (HKLM\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.28 - Realtek Semiconductor Corp.) REALTEK Gigabit and Fast Ethernet NIC Driver (HKLM\...\{94FB906A-CF42-4128-A509-D353026A607E}) (Version: 1.70 - REALTEK Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5874 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform) Return to Castle Wolfenstein (HKLM\...\Return to Castle Wolfenstein) (Version: 1.0 - Activision, Inc.) 
Revo Uninstaller 1.94 (HKLM\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group) SafeZone Stable 1.48.2066.98 (Version: 1.48.2066.98 - Avast Software) Hidden SiSoftware Sandra 2002 Professional (HKLM\...\san_pro_2002) (Version: - ) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version: - ) USB Video Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 1.00 - EETI) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WebFldrs XP (Version: 9.50.5318 - Microsoft Corporation) Hidden Westwood Shared Internet Components (HKLM\...\WOLAPI) (Version: - ) WinASO Registry Optimizer 3.2 (HKLM\...\WinASO Registry Optimizer 3.2_is1) (Version: - X.M.Y International LLC) Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0) (HKLM\...\9722CA1E8F72F362E93CBEC75A707FDABFC8D880) (Version: 08/31/2007 5.7.0831.0 - Advanced Micro Devices, Inc.) Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) (HKLM\...\69083DC58646DE46A09847A522A1CC487F918039) (Version: 08/31/2007 5.7.0831.0 - eMPIA Technology Inc,) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) Yahoo! 
Detect (HKLM\...\YTdetect) (Version: - ) Zoom (HKU\S-1-5-21-1123561945-2111687655-725345543-1008\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1459987643.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Deus Ex Web Page.lnk -> hxxp://www.deusex.com/ Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Eidos Games Web Page.lnk -> hxxp://www.eidosgames.com/ Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Eidos Interactive Store Web Page.lnk -> hxxp://www.eidosstore.com/ Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Eidos Interactive Web Page.lnk -> hxxp://www.eidos.com/ Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Ion Storm Web Page.lnk -> hxxp://www.ionstorm.com/ Shortcut: C:\Documents and Settings\All Users\Start Menu\Programs\Deus Ex\Planet Deus Ex Web Page.lnk -> hxxp://www.planetdeusex.com/ ==================== Loaded Modules (Whitelisted) ============== 2016-11-15 18:39 - 2016-11-15 18:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-12-05 11:41 - 2016-12-05 11:41 - 03066880 _____ () C:\Program Files\AVAST Software\Avast\defs\16120500\algo.dll 2016-11-15 18:39 - 2016-11-15 18:39 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-08-03 21:49 - 2016-01-22 15:56 - 00089008 _____ () C:\WINDOWS\system32\cpwmon2k.dll 1998-09-25 02:56 - 1998-09-25 02:56 - 00048292 _____ () C:\WINDOWS\system32\HPFlpm13.dll 1998-09-25 02:56 - 1998-09-25 02:56 - 00072368 _____ () C:\WINDOWS\system32\HPFCOM13.DLL 1998-09-25 02:56 - 1998-09-25 02:56 - 00033384 _____ () C:\WINDOWS\system32\HPFIOP13.DLL 1998-09-25 02:56 - 1998-09-25 02:56 - 00137232 _____ () C:\WINDOWS\system32\HPFMLC13.dll 1998-09-25 02:56 - 1998-09-25 02:56 - 00057240 _____ () C:\WINDOWS\system32\HPFMEM13.dll 2008-06-22 20:30 - 2016-09-20 00:22 - 00043520 _____ () C:\WINDOWS\system32\CmdLineExt03.dll 2012-07-09 07:58 - 2011-07-05 10:08 - 00355432 _____ () C:\Program Files\NVIDIA Corporation\nView\nvshell.dll 2016-11-15 18:39 - 2016-11-15 18:39 - 48936448 _____ () C:\Program Files\AVAST 
Software\Avast\libcef.dll 2010-05-26 14:20 - 2007-06-26 12:22 - 00081997 _____ () C:\Program Files\USB TV\EM28XX\BDARemote.exe 2008-08-13 23:09 - 2008-04-13 18:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2008-08-13 23:09 - 2013-01-02 00:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll 2016-11-16 16:58 - 2016-11-16 16:58 - 19640512 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_207.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com IE restricted site: HKU\.DEFAULT\...\123topsearch.com -> www.123topsearch.com There are 5505 more sites. 
IE restricted site: HKU\S-1-5-19\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-19\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-19\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-19\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-19\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-19\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-19\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-19\...\1-extreme.biz -> www.1-extreme.biz IE restricted site: HKU\S-1-5-19\...\1001-search.info -> www.1001-search.info IE restricted site: HKU\S-1-5-19\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-19\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-19\...\123topsearch.com -> www.123topsearch.com IE restricted site: HKU\S-1-5-19\...\132.com -> www.132.com IE restricted site: HKU\S-1-5-19\...\136136.net -> down.136136.net IE restricted site: HKU\S-1-5-19\...\139mm.com -> www.139mm.com IE restricted site: HKU\S-1-5-19\...\163ns.com -> ert0003.e76.163ns.com IE restricted site: HKU\S-1-5-19\...\17-plus.com -> 17-plus.com IE restricted site: HKU\S-1-5-19\...\171203.com -> 171203.com IE restricted site: HKU\S-1-5-19\...\1800searchonline.com -> www.1800searchonline.com There are 4003 more sites. 
IE restricted site: HKU\S-1-5-20\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-20\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-20\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-20\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-20\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-20\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-20\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-20\...\1-extreme.biz -> www.1-extreme.biz IE restricted site: HKU\S-1-5-20\...\1001-search.info -> www.1001-search.info IE restricted site: HKU\S-1-5-20\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-20\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-20\...\123topsearch.com -> www.123topsearch.com IE restricted site: HKU\S-1-5-20\...\132.com -> www.132.com IE restricted site: HKU\S-1-5-20\...\136136.net -> down.136136.net IE restricted site: HKU\S-1-5-20\...\139mm.com -> www.139mm.com IE restricted site: HKU\S-1-5-20\...\163ns.com -> ert0003.e76.163ns.com IE restricted site: HKU\S-1-5-20\...\17-plus.com -> 17-plus.com IE restricted site: HKU\S-1-5-20\...\171203.com -> 171203.com IE restricted site: HKU\S-1-5-20\...\1800searchonline.com -> www.1800searchonline.com There are 4003 more sites. IE trusted site: HKU\S-1-5-21-1123561945-2111687655-725345543-1008\...\adobe.com -> hxxp://get.adobe.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2001-08-23 06:00 - 2012-08-09 10:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) 
HKU\S-1-5-21-1123561945-2111687655-725345543-1008\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\poi\Desktop\Dell 1280x1024.bmp HKU\S-1-5-21-1123561945-2111687655-725345543-1089\Control Panel\Desktop\\Wallpaper -> (None) DNS Servers: 192.168.1.1 Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) StandardProfile\AuthorizedApplications: [C:\Program Files\SiSoftware\SiSoftware Sandra 2002 Professional\sandra.exe] => Disabled:SiSoftware Sandra(tm) Fat Client. StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\Steam.exe] => Enabled:Steam StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\dxhrml\dxhrml.exe] => Enabled:Deus Ex: Human Revolution - The Missing Link StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\deus ex - human revolution\dxhr.exe] => Enabled:Deus Ex: Human Revolution StandardProfile\AuthorizedApplications: [C:\DeusEx\System\DeusEx.exe] => Disabled:DeusEx StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\Hitman Codename 47\Hitman.Exe] => Enabled:Hitman: Codename 47 StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\Hitman Codename 47\Setup.exe] => Enabled:Hitman: Codename 47 StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\Deus Ex\System\DeusEx.exe] => Enabled:Deus Ex: Game of the Year Edition StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\Deus Ex The Fall\DeusEx_steam.exe] => Enabled:Deus Ex: The Fall StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\bin\steamwebhelper.exe] => 
Enabled:Steam Web Helper StandardProfile\AuthorizedApplications: [C:\Documents and Settings\poi\Application Data\Zoom\bin\Zoom.exe] => Enabled:Zoom Meetings StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox) StandardProfile\AuthorizedApplications: [C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe] => Enabled:Daemonu.exe StandardProfile\AuthorizedApplications: [C:\Program Files\Steam\SteamApps\common\Deus Ex\System\Revision.exe] => Enabled:Deus Ex: Revision StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007 StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008 ==================== Restore Points ========================= 11-10-2016 13:09:28 System Checkpoint 13-10-2016 08:46:06 System Checkpoint 16-10-2016 02:05:16 System Checkpoint 18-10-2016 10:43:00 System Checkpoint 13-10-2016 07:30:01 System Checkpoint 18-10-2016 19:48:31 System Checkpoint 20-10-2016 09:36:33 System Checkpoint 22-10-2016 11:12:00 System Checkpoint 24-10-2016 11:03:43 System Checkpoint 24-10-2016 11:29:17 Installed Windows XP Wdf01009. 25-10-2016 13:04:25 System Checkpoint 27-10-2016 11:04:36 System Checkpoint 28-10-2016 17:20:00 System Checkpoint 30-10-2016 16:44:18 System Checkpoint 01-11-2016 11:51:16 System Checkpoint 02-11-2016 23:00:44 System Checkpoint 05-11-2016 06:06:35 System Checkpoint 07-11-2016 08:52:40 System Checkpoint 08-11-2016 09:37:21 System Checkpoint 10-11-2016 08:58:50 System Checkpoint 12-11-2016 05:45:55 System Checkpoint 13-11-2016 06:41:34 System Checkpoint 14-11-2016 10:20:07 System Checkpoint 15-11-2016 15:04:12 System Checkpoint 15-11-2016 15:22:13 Avast reinstall 15-11-2016 15:33:13 avast zoom restore 15-11-2016 15:58:41 Installed Windows XP Wdf01009. 15-11-2016 17:57:50 before wdf01009 restore 15-11-2016 17:58:07 Restore Operation 15-11-2016 18:41:19 Installed Windows XP Wdf01009. 
16-11-2016 17:34:42 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 17-11-2016 10:50:55 Software Distribution Service 3.0 18-11-2016 10:13:50 Software Distribution Service 3.0 19-11-2016 09:27:02 Software Distribution Service 3.0 19-11-2016 09:41:09 Update to an unsigned driver 01-12-2016 10:26:19 System Checkpoint 03-12-2016 10:35:43 System Checkpoint 05-12-2016 12:10:27 System Checkpoint ==================== Faulty Device Manager Devices ============= Name: Parallel Device Description: Parallel Device Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: HPFECP13 Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/17/2016 11:38:28 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070020 Error: (11/15/2016 04:48:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application nvsvc32.exe, version 6.14.13.142, faulting module nvapi.dll, version 6.14.13.2101, fault address 0x000f0094. Processing media-specific event for [nvsvc32.exe!ws!] Error: (11/15/2016 04:38:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 47.0.2.6148, faulting module mozglue.dll, version 47.0.2.6148, fault address 0x0000f03d. Processing media-specific event for [plugin-container.exe!ws!] 
Error: (08/24/2016 11:02:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad. Processing media-specific event for [plugin-container.exe!ws!] Error: (08/20/2016 12:58:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbam.exe, version 2.3.125.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd. Processing media-specific event for [mbam.exe!ws!] Error: (06/30/2016 09:01:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad. Processing media-specific event for [plugin-container.exe!ws!] Error: (06/30/2016 06:56:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 47.0.0.5999, faulting module mozglue.dll, version 47.0.0.5999, fault address 0x0000f3ad. Processing media-specific event for [plugin-container.exe!ws!] Error: (03/10/2016 01:58:30 AM) (Source: MsiInstaller) (EventID: 11706) (User: FLOYD) Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Error: (03/10/2016 01:58:18 AM) (Source: MsiInstaller) (EventID: 11706) (User: FLOYD) Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. 
Error: (02/23/2016 07:51:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application mbam.exe, version 2.3.125.0, faulting module mbamcore.dll, version 1.3.24.0, fault address 0x000ee697. Processing media-specific event for [mbam.exe!ws!] System errors: ============= Error: (12/03/2016 09:01:44 PM) (Source: Dhcp) (EventID: 1002) (User: ) Description: The IP address lease 192.168.1.4 for the Network Card with network address 6CF0495DADFF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error: (12/03/2016 09:15:42 AM) (Source: Dhcp) (EventID: 1000) (User: ) Description: Your computer has lost the lease to its IP address 192.168.1.4 on the Network Card with network address 6CF0495DADFF. Error: (12/01/2016 01:37:40 PM) (Source: DCOM) (EventID: 10000) (User: FLOYD) Description: Unable to start a DCOM Server: {E0B8F398-BB08-4298-87F0-34502693902E}. The error: "%%2 = The system cannot find the file specified." Happened while starting this command: C:\Program Files\Messenger\msmsgs.exe -Embedding Error: (12/01/2016 07:26:24 AM) (Source: System Error) (EventID: 1003) (User: ) Description: Error code 00000024, parameter1 001902fe, parameter2 b289e2a8, parameter3 b289dfa4, parameter4 8054bfcb. Error: (12/01/2016 07:23:12 AM) (Source: 0) (EventID: 1) (User: ) Description: Event-ID 1 Error: (11/30/2016 11:43:46 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service. 
Error: (11/19/2016 11:43:46 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/19/2016 11:38:25 AM) (Source: DCOM) (EventID: 10005) (User: FLOYD)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (11/19/2016 11:38:20 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084 = This service cannot be started in Safe Mode" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/19/2016 11:36:34 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswVmm Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz
Percentage of memory in use: 41%
Total physical RAM: 3070.42 MB
Available physical RAM: 1787.27 MB
Total Virtual: 4709.58 MB
Available Virtual: 3474.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:37.01 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 18C15174)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  11. Okay, thanks a lot for all your help today. What about the ESET result? Should I clean?
  12. Unfortunately I don't know the answer to either one. Should I disable it? If so, how? Also, should I "clean" the files found in ESET scan? Thanks
  13. I did a search for daemon and a number of files showed up. There is a cidaemon under system32 and a DAEMONU.EXE-0F10B80C.pf under prefetch and then a number of files under the NVIDIA folder.
  14. This is the entire folder. Do you want the newest file only? Minidump.zip
  15. This is a new entry (Dec. 1) - Mini120116-01.dmp

      Yeah, that screen shot was not as bad as the other. I tried to capture another one, but I was prompted that I did not have enough memory to do so. You can see in the upper left some black. That was about three times as big and the same for inside the save as box. Almost the entire save as box was not viewable. This happened when you click save to file. All of the desktop icons flicker when you click it as well.

      Here is the SAlog:

      Result of Security Analysis by Rocket Grannie (x86)
      Updated: 20th November, 2016
      Running from:C:\Documents and Settings\poi\Desktop (16:19:00 - 12/03/2016)
      ***---------------------------------------------------------***
      Microsoft Windows XP Professional X86 Service Pack 3
      *WARNING* Windows XP is no longer supported
      Internet Explorer 8
      Default Browser: Firefox
      ***------------Antivirus - Antispyware - Firewall-----------***
      Avast Antivirus (Disabled - Up to Date)
      Windows Firewall (Enabled)
      *No other Firewall Installed*
      ***-------Security Programs - Browsers - Miscellaneous------***
      Adobe Flash Player Plugin (version 23.0.0.207)
      Adobe Flash Player 23 ActiveX (version 23.0.0.205)
      Malwarebytes Anti-Malware (version 2.2.1.1043)
      Adobe Reader XI (version 11.0.08) is *out of Date*
      Firefox (version 47.0.2) is *out of Date*
      ***----------------Analysis Complete-------------------------***

      Thanks