
Computer shuts down while running malwarebytes


donpedro

My computer has been booting up very slowly and running sluggish; twice now it has shut down while running Malwarebytes scans. Here are the log files from Farbar Recovery Scan Tool:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-12-2015
Ran by Mike (administrator) on MIKE-2EF073BDC0 (17-12-2015 07:44:41)
Running from C:\Documents and Settings\Mike\My Documents\Downloads
Loaded Profiles: Mike (Available Profiles: Mike & VIsitor & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\WINDOWS\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\WINDOWS\system32\WLTRAY.exe [1392640 2007-03-16] (Dell Inc.)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-05-10] ()
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-04-06] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-10-11] (ATI Technologies Inc.)
HKU\S-1-5-21-1004336348-583907252-839522115-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1004336348-583907252-839522115-1003\...\MountPoints2: {466ed869-b00f-11e4-b087-001d09bd485d} - G:\Windows\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-1004336348-583907252-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.254.251
Tcpip\..\Interfaces\{06EE9A68-EC57-4525-9570-8BEF2FF64527}: [DhcpNameServer] 192.168.254.251

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1004336348-583907252-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-1004336348-583907252-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1004336348-583907252-839522115-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
SearchScopes: HKU\S-1-5-21-1004336348-583907252-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> No File
BHO: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -  No File
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} -  No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1406338630405
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
Handler: skype-ie-addon-data - No CLSID Value -

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\piynwcto.default-1426165856265
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxp://www.adventure-journal.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1004336348-583907252-839522115-1003: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2015-01-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2015-01-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2015-01-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2015-01-27] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2015-01-27] (Apple Inc.)
FF Extension: NoScript - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\piynwcto.default-1426165856265\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-10]
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\piynwcto.default-1426165856265\extensions\https-everywhere@eff.org [2015-12-10]
FF Extension: Adblock Plus - C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\piynwcto.default-1426165856265\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-06] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-29] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-14]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-30]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-01]
CHR Extension: (Bookmark Manager) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-29]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-18]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 wltrysvc; C:\WINDOWS\System32\bcmwltry.exe [1253376 2007-03-16] (Dell Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11832 2015-01-24] (Advanced Micro Devices Inc.)
R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-07-01] (Advanced Micro Devices)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2696448 2015-01-24] (Broadcom Corporation)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2005-03-21] (Adaptec, Inc.) [File not signed]
S3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [263040 2004-08-04] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-24] (REALiX)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-17] (Malwarebytes)
S3 RT-USB; C:\WINDOWS\System32\drivers\RT-USB.SYS [59464 2010-06-16] (Ross-Tech LLC)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 07:43 - 2015-12-17 07:44 - 00000000 ___DC C:\FRST
2015-12-16 21:37 - 2015-12-16 21:37 - 00000000 ___DC C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2015-12-16 21:37 - 2015-12-16 21:37 - 00000000 ___DC C:\Documents and Settings\Administrator\Application Data\Mozilla
2015-12-16 21:31 - 2015-12-16 21:38 - 00114042 ____C C:\WINDOWS\ntbtlog.txt
2015-12-16 21:02 - 2015-12-10 13:20 - 00450613 ___RC C:\WINDOWS\system32\Drivers\etc\hosts.20151216-210144.backup
2015-12-15 17:03 - 2015-12-16 21:11 - 00000278 ____C C:\WINDOWS\wininit.ini
2015-12-14 17:28 - 2015-12-14 18:28 - 00000000 __SHD C:\WINDOWS\CSC
2015-12-14 16:53 - 2015-12-17 07:13 - 00170200 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-14 16:52 - 2015-12-15 06:05 - 00002584 ____C C:\Documents and Settings\Mike\Desktop\Rkill.txt
2015-12-14 16:50 - 2015-12-14 16:51 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-14 16:50 - 2015-10-05 09:50 - 00121560 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-14 16:50 - 2015-10-05 09:50 - 00023256 ____C (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-14 16:48 - 2015-12-14 16:50 - 00000000 ___DC C:\Program Files\Malwarebytes Anti-Malware
2015-12-11 12:25 - 2015-12-11 12:25 - 00000000 ___DC C:\Documents and Settings\Default User\Local Settings\Application Data\Temp
2015-12-10 13:20 - 2004-08-04 05:00 - 00000734 ____C C:\WINDOWS\system32\Drivers\etc\hosts.20151210-132015.backup
2015-12-10 08:02 - 2015-12-10 16:35 - 00065536 ____C C:\WINDOWS\system32\config\SpybotSD.evt
2015-12-10 08:01 - 2015-12-16 21:10 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2015-12-10 07:59 - 2015-12-16 21:30 - 00000000 ___DC C:\Program Files\Spybot - Search & Destroy 2
2015-12-10 07:06 - 2015-12-10 07:06 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-12-10 07:05 - 2015-12-10 07:05 - 00000000 ___DC C:\Program Files\Common Files\Skype
2015-12-06 14:33 - 2009-10-20 09:20 - 00265728 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SET75.tmp
2015-12-06 14:28 - 2015-12-06 14:28 - 00000081 ____C C:\DVDPATH.TXT
2015-12-04 10:54 - 2015-12-04 10:54 - 00079360 ____C C:\Documents and Settings\Mike\My Documents\timesheet5.xls
2015-12-01 10:05 - 2015-12-01 10:05 - 00095578 ____C C:\Documents and Settings\Mike\Desktop\2009Prius_sfo(1).pdf
2015-12-01 10:05 - 2015-12-01 10:05 - 00026113 ____C C:\Documents and Settings\Mike\Desktop\prius service interval.pdf
2015-11-30 14:57 - 2015-11-30 14:57 - 00355720 ____C C:\Documents and Settings\Mike\Desktop\nr_pretest.pdf
2015-11-19 16:34 - 2015-11-30 21:39 - 00031068 ____C C:\Documents and Settings\Mike\My Documents\prius buying.ods
2015-11-19 10:34 - 2015-12-04 10:52 - 00079872 ____C C:\Documents and Settings\Mike\My Documents\timesheet4.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-17 07:46 - 2013-09-25 17:48 - 00000000 ___DC C:\Documents and Settings\Mike\Local Settings\Temp
2015-12-17 07:44 - 2013-09-25 11:34 - 00000000 ___DC C:\WINDOWS
2015-12-17 07:40 - 2014-09-12 08:43 - 00000886 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-17 07:20 - 2015-03-24 14:45 - 00000256 ____C C:\WINDOWS\Tasks\WGASetup.job
2015-12-17 07:11 - 2014-09-12 08:43 - 00000882 ____C C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-17 07:10 - 2015-03-24 15:53 - 00000220 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-12-17 07:05 - 2013-09-25 17:47 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2015-12-17 06:00 - 2014-12-19 15:22 - 00000830 ____C C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-16 21:37 - 2015-03-24 21:06 - 00000000 ___DC C:\Documents and Settings\Administrator\Local Settings\Temp
2015-12-16 21:30 - 2014-09-11 21:04 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-12-16 21:29 - 2013-09-26 07:30 - 00458752 ____C C:\WINDOWS\system32\config\ACEEvent.evt
2015-12-16 21:29 - 2013-09-25 17:47 - 00032444 ____C C:\WINDOWS\SchedLgU.Txt
2015-12-15 19:45 - 2013-09-25 17:48 - 00000000 ___DC C:\Documents and Settings\Mike
2015-12-15 19:43 - 2014-12-10 11:16 - 00054272 __SHC C:\Documents and Settings\Mike\My Documents\Thumbs.db
2015-12-11 15:39 - 2013-09-26 10:32 - 00000000 ___DC C:\Program Files\Everything
2015-12-10 07:35 - 2013-09-25 11:34 - 00000000 __HDC C:\WINDOWS\inf
2015-12-10 07:24 - 2015-09-13 05:25 - 00000000 ___DC C:\Documents and Settings\Mike\Application Data\Skype
2015-12-10 07:06 - 2013-09-26 10:38 - 00000000 __RDC C:\Program Files\Skype
2015-12-10 07:04 - 2015-09-13 05:25 - 00000000 ___DC C:\Documents and Settings\Mike\Local Settings\Application Data\Skype
2015-12-10 07:03 - 2013-09-26 10:38 - 00000000 ___DC C:\Documents and Settings\All Users\Application Data\Skype
2015-12-08 15:00 - 2015-03-24 15:53 - 00000214 ____C C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-12-06 15:32 - 2013-10-02 08:24 - 00000000 ___DC C:\Documents and Settings\Mike\Application Data\vlc
2015-12-06 14:37 - 2015-06-18 13:36 - 00000000 ___DC C:\Documents and Settings\Mike\Application Data\dvdcss
2015-12-04 10:55 - 2013-09-25 17:48 - 00000000 __RDC C:\Documents and Settings\Mike\My Documents
2015-12-04 10:53 - 2014-01-03 01:29 - 00000000 ___DC C:\Documents and Settings\Mike\Local Settings\Application Data\CutePDF Writer
2015-12-02 21:01 - 2015-10-03 10:38 - 00000000 ___DC C:\Documents and Settings\Mike\Desktop\foooooood!
2015-12-02 12:21 - 2013-09-26 10:36 - 00000000 ___DC C:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
2015-11-23 10:06 - 2013-10-06 07:44 - 00002489 ____C C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk

==================== Files in the root of some directories =======

2014-06-20 00:05 - 2014-06-20 00:05 - 0000024 ____C () C:\Documents and Settings\Mike\Application Data\temp.ini
2013-11-17 15:33 - 2015-11-05 10:18 - 0017408 ____C () C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-12-2015
Ran by Mike (2015-12-17 07:47:00)
Running from C:\Documents and Settings\Mike\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) (2013-09-26 00:46:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1004336348-583907252-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1004336348-583907252-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1004336348-583907252-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1004336348-583907252-839522115-1000 - Limited - Disabled)
Mike (S-1-5-21-1004336348-583907252-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Mike
SUPPORT_388945a0 (S-1-5-21-1004336348-583907252-839522115-1002 - Limited - Disabled)
VIsitor (S-1-5-21-1004336348-583907252-839522115-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\VIsitor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AMD Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2. - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1016 - )
ATI Catalyst Control Center (HKLM\...\{EF40BAC3-372B-46F4-A32D-B37CF4217CE7}) (Version: 1.2.2475.36837 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.31-061011a-053721C-Dell - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Driver Installation Program (HKLM\...\{153F839F-0A63-41D8-890F-7324C0E13743}) (Version: 5.60.18.9 - Broadcom)
Broadcom Management Programs (HKLM\...\{C99C0593-3B48-41D9-B42F-6E035B320449}) (Version: 10.15.03 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.100.15.8 - Dell Inc.)
Everything 1.2.1.371 (HKLM\...\Everything) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2088.1.A01B06 - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)
IObit Apps Toolbar v9.6 (HKLM\...\{4A2F13C3-F5C2-416B-AB75-68EAA4A5BC66}) (Version: 9.6 - Spigot, Inc.) <==== ATTENTION
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
LibreOffice 4.3.4.1 (HKLM\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Windows XP Video Decoder Checkup Utility (HKLM\...\DECCHECK) (Version:  - )
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Notepad++ (HKLM\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5210.0 - SigmaTel)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.16 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCDS Release 12.12.2 (HKLM\...\VCDS Release 12.12) (Version: 12.12.2 - Ross-Tech)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Ricoh Company (rimsptsk) hdc  (11/14/2006 6.00.01.04) (HKLM\...\4569969E1360D2854474C661EF9B4D54F143EB16) (Version: 11/14/2006 6.00.01.04 - Ricoh Company)
Windows Driver Package - Ross-Tech USB Driver Package (06/16/2010 2.06.02) (HKLM\...\B4DFFB06B716298277125094C48185BFE8B5A7E1) (Version: 06/16/2010 2.06.02 - Ross-Tech)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

21-12-2014 21:02:24 System Checkpoint
22-12-2014 21:09:00 System Checkpoint
24-12-2014 13:03:02 System Checkpoint
25-12-2014 14:14:23 System Checkpoint
26-12-2014 14:21:27 System Checkpoint
28-12-2014 16:45:21 System Checkpoint
29-12-2014 23:59:56 System Checkpoint
01-01-2015 18:53:05 System Checkpoint
03-01-2015 18:26:05 System Checkpoint
13-01-2015 11:38:16 System Checkpoint
15-01-2015 09:04:54 System Checkpoint
16-01-2015 09:58:46 System Checkpoint
17-01-2015 18:47:30 System Checkpoint
18-01-2015 19:33:37 System Checkpoint
19-01-2015 19:39:54 System Checkpoint
20-01-2015 22:44:31 System Checkpoint
21-01-2015 23:30:29 System Checkpoint
23-01-2015 12:23:23 System Checkpoint
24-01-2015 08:35:43 Driver Booster : Adobe Flash Player ActiveX
25-01-2015 17:10:11 System Checkpoint
27-01-2015 16:23:38 System Checkpoint
28-01-2015 17:55:21 System Checkpoint
29-01-2015 20:53:02 System Checkpoint
31-01-2015 00:24:40 System Checkpoint
01-02-2015 00:41:27 System Checkpoint
02-02-2015 12:02:04 System Checkpoint
03-02-2015 17:33:00 System Checkpoint
05-02-2015 11:20:30 System Checkpoint
06-02-2015 17:18:50 System Checkpoint
08-02-2015 14:34:28 System Checkpoint
08-02-2015 21:18:43 Installed Windows XP winusb0200.
09-02-2015 21:57:17 System Checkpoint
11-02-2015 16:08:47 avast! antivirus system restore point
11-02-2015 16:38:17 avast! antivirus system restore point
12-02-2015 16:52:24 System Checkpoint
13-02-2015 17:03:20 System Checkpoint
14-02-2015 20:31:01 System Checkpoint
15-02-2015 22:18:23 System Checkpoint
17-02-2015 09:56:37 System Checkpoint
18-02-2015 11:17:49 System Checkpoint
19-02-2015 11:36:20 System Checkpoint
20-02-2015 11:40:47 System Checkpoint
21-02-2015 13:50:49 System Checkpoint
22-02-2015 16:03:09 System Checkpoint
23-02-2015 16:23:01 System Checkpoint
24-02-2015 17:28:39 System Checkpoint
05-03-2015 06:51:52 System Checkpoint
06-03-2015 06:53:05 System Checkpoint
07-03-2015 07:28:34 System Checkpoint
08-03-2015 10:35:57 System Checkpoint
09-03-2015 13:42:19 System Checkpoint
10-03-2015 14:14:22 System Checkpoint
11-03-2015 20:39:53 IObit Uninstaller restore point
13-03-2015 05:53:31 System Checkpoint
15-03-2015 10:44:48 System Checkpoint
16-03-2015 11:15:59 System Checkpoint
17-03-2015 13:46:48 System Checkpoint
18-03-2015 15:27:44 System Checkpoint
19-03-2015 15:53:14 System Checkpoint
20-03-2015 17:56:41 System Checkpoint
21-03-2015 19:37:54 System Checkpoint
22-03-2015 20:10:17 System Checkpoint
24-03-2015 10:35:03 Installed Windows XP Service Pack 3.
24-03-2015 12:10:23 Software Distribution Service 3.0
24-03-2015 12:48:08 Removed Evernote v. 5.6.4
24-03-2015 13:44:20 Software Distribution Service 3.0
25-03-2015 07:00:30 Software Distribution Service 3.0
26-03-2015 07:00:21 Software Distribution Service 3.0
27-03-2015 07:00:19 Software Distribution Service 3.0
27-03-2015 07:36:19 Software Distribution Service 3.0
28-03-2015 08:20:44 System Checkpoint
29-03-2015 16:25:52 System Checkpoint
29-03-2015 22:08:46 Software Distribution Service 3.0
30-03-2015 07:00:20 Software Distribution Service 3.0
30-03-2015 10:46:35 Software Distribution Service 3.0
30-03-2015 21:42:50 Software Distribution Service 3.0
31-03-2015 08:28:43 Software Distribution Service 3.0
31-03-2015 09:53:21 Software Distribution Service 3.0
01-04-2015 19:24:26 Software Distribution Service 3.0
02-04-2015 05:38:27 Software Distribution Service 3.0
02-04-2015 19:24:12 Software Distribution Service 3.0
02-04-2015 20:17:03 Software Distribution Service 3.0
03-04-2015 05:40:45 Software Distribution Service 3.0
03-04-2015 22:26:03 Software Distribution Service 3.0
04-04-2015 11:46:25 Software Distribution Service 3.0
05-04-2015 07:00:18 Software Distribution Service 3.0
06-04-2015 07:00:18 Software Distribution Service 3.0
06-04-2015 20:21:28 Software Distribution Service 3.0
07-04-2015 07:00:19 Software Distribution Service 3.0
08-04-2015 07:00:19 Software Distribution Service 3.0
08-04-2015 20:14:12 Software Distribution Service 3.0
09-04-2015 23:07:15 Software Distribution Service 3.0
10-04-2015 07:00:19 Software Distribution Service 3.0
10-04-2015 11:41:05 Software Distribution Service 3.0
11-04-2015 20:17:28 Software Distribution Service 3.0
12-04-2015 07:00:18 Software Distribution Service 3.0
13-04-2015 07:00:19 Software Distribution Service 3.0
13-04-2015 17:21:53 Software Distribution Service 3.0
14-04-2015 17:26:14 System Checkpoint
14-04-2015 17:37:51 Software Distribution Service 3.0
15-04-2015 15:21:31 Software Distribution Service 3.0
16-04-2015 07:00:27 Software Distribution Service 3.0
16-04-2015 12:30:11 Software Distribution Service 3.0
16-04-2015 21:27:28 Software Distribution Service 3.0
17-04-2015 07:45:00 Software Distribution Service 3.0
17-04-2015 17:27:04 Software Distribution Service 3.0
18-04-2015 07:00:18 Software Distribution Service 3.0
18-04-2015 17:35:25 Software Distribution Service 3.0
19-04-2015 16:35:17 Software Distribution Service 3.0
20-04-2015 14:57:30 Software Distribution Service 3.0
21-04-2015 15:15:40 Software Distribution Service 3.0
21-04-2015 17:35:12 Software Distribution Service 3.0
22-04-2015 13:45:40 Software Distribution Service 3.0
22-04-2015 16:41:25 Software Distribution Service 3.0
23-04-2015 07:29:28 Software Distribution Service 3.0
23-04-2015 20:56:34 Software Distribution Service 3.0
24-04-2015 07:00:19 Software Distribution Service 3.0
25-04-2015 09:40:43 System Checkpoint
26-04-2015 11:27:02 System Checkpoint
27-04-2015 11:32:10 System Checkpoint
28-04-2015 14:45:08 System Checkpoint
29-04-2015 15:06:01 System Checkpoint
30-04-2015 20:32:23 System Checkpoint
02-05-2015 10:10:43 System Checkpoint
06-05-2015 13:25:45 System Checkpoint
10-05-2015 08:42:30 System Checkpoint
11-05-2015 09:43:32 System Checkpoint
12-05-2015 13:44:38 System Checkpoint
14-05-2015 07:33:50 System Checkpoint
16-05-2015 17:15:49 System Checkpoint
18-05-2015 16:51:06 System Checkpoint
19-05-2015 17:07:48 System Checkpoint
21-05-2015 17:02:29 System Checkpoint
23-05-2015 15:39:57 System Checkpoint
24-05-2015 16:28:41 System Checkpoint
25-05-2015 16:47:31 System Checkpoint
26-05-2015 17:15:15 System Checkpoint
29-05-2015 11:22:25 System Checkpoint
30-05-2015 16:55:12 System Checkpoint
31-05-2015 19:13:33 System Checkpoint
01-06-2015 19:17:54 System Checkpoint
02-06-2015 19:45:46 System Checkpoint
03-06-2015 21:19:29 System Checkpoint
05-06-2015 13:04:37 System Checkpoint
07-06-2015 05:08:13 System Checkpoint
08-06-2015 05:23:15 System Checkpoint
09-06-2015 05:52:51 System Checkpoint
10-06-2015 06:02:01 System Checkpoint
11-06-2015 10:19:52 System Checkpoint
12-06-2015 10:50:55 System Checkpoint
14-06-2015 16:56:22 System Checkpoint
16-06-2015 11:57:42 System Checkpoint
17-06-2015 13:09:24 System Checkpoint
18-06-2015 14:20:26 Uniblue PC Mechanic installation
19-06-2015 17:03:19 System Checkpoint
21-06-2015 10:15:11 System Checkpoint
22-06-2015 11:09:43 System Checkpoint
24-06-2015 10:29:05 System Checkpoint
25-06-2015 11:34:39 System Checkpoint
26-06-2015 11:36:08 System Checkpoint
27-06-2015 19:19:21 System Checkpoint
29-06-2015 08:29:46 System Checkpoint
30-06-2015 11:08:22 System Checkpoint
01-07-2015 11:30:13 System Checkpoint
02-07-2015 11:34:34 System Checkpoint
03-07-2015 11:38:11 System Checkpoint
07-07-2015 16:49:10 System Checkpoint
08-07-2015 17:21:17 System Checkpoint
09-07-2015 18:15:11 System Checkpoint
10-07-2015 19:33:28 System Checkpoint
11-07-2015 19:46:14 System Checkpoint
12-07-2015 20:01:17 System Checkpoint
14-07-2015 08:40:32 System Checkpoint
16-07-2015 05:49:55 System Checkpoint
18-07-2015 19:19:07 System Checkpoint
23-07-2015 21:21:04 System Checkpoint
25-07-2015 17:18:07 System Checkpoint
26-07-2015 18:14:21 System Checkpoint
05-08-2015 12:14:41 System Checkpoint
06-08-2015 12:44:10 System Checkpoint
07-08-2015 20:10:43 System Checkpoint
12-08-2015 09:13:16 System Checkpoint
13-08-2015 11:10:32 System Checkpoint
15-08-2015 05:26:33 System Checkpoint
31-08-2015 08:46:01 System Checkpoint
01-09-2015 14:09:04 System Checkpoint
02-09-2015 16:05:20 System Checkpoint
03-09-2015 16:54:29 System Checkpoint
04-09-2015 17:03:19 System Checkpoint
05-09-2015 17:51:22 System Checkpoint
06-09-2015 18:35:20 System Checkpoint
07-09-2015 21:48:10 System Checkpoint
08-09-2015 22:19:04 System Checkpoint
09-09-2015 22:53:28 System Checkpoint
11-09-2015 15:22:17 System Checkpoint
12-09-2015 17:31:49 System Checkpoint
13-09-2015 04:45:04 avast! antivirus system restore point
13-09-2015 04:53:10 Installed Windows XP Wdf01009.
14-09-2015 04:57:15 System Checkpoint
15-09-2015 09:42:47 System Checkpoint
16-09-2015 10:09:49 System Checkpoint
17-09-2015 10:31:13 System Checkpoint
18-09-2015 10:56:00 System Checkpoint
19-09-2015 18:34:59 System Checkpoint
20-09-2015 18:53:55 System Checkpoint
22-09-2015 12:21:40 System Checkpoint
23-09-2015 13:08:28 System Checkpoint
24-09-2015 20:10:06 System Checkpoint
26-09-2015 07:54:24 System Checkpoint
27-09-2015 16:44:38 System Checkpoint
29-09-2015 16:42:43 System Checkpoint
30-09-2015 20:17:20 System Checkpoint
01-10-2015 23:18:07 System Checkpoint
03-10-2015 11:45:46 System Checkpoint
04-10-2015 12:59:28 System Checkpoint
05-10-2015 13:09:45 System Checkpoint
06-10-2015 13:12:24 System Checkpoint
07-10-2015 13:52:21 System Checkpoint
08-10-2015 16:17:48 System Checkpoint
09-10-2015 17:47:01 System Checkpoint
10-10-2015 18:18:55 System Checkpoint
11-10-2015 19:04:28 System Checkpoint
12-10-2015 19:53:04 System Checkpoint
14-10-2015 11:33:10 System Checkpoint
15-10-2015 18:21:19 System Checkpoint
17-10-2015 11:03:22 System Checkpoint
21-10-2015 12:13:01 System Checkpoint
22-10-2015 08:38:08 avast! antivirus system restore point
22-10-2015 08:42:27 Installed Windows XP Wdf01009.
23-10-2015 19:40:34 System Checkpoint
26-10-2015 06:34:04 System Checkpoint
27-10-2015 10:50:31 System Checkpoint
28-10-2015 11:04:56 System Checkpoint
30-10-2015 11:01:20 System Checkpoint
31-10-2015 15:59:27 System Checkpoint
01-11-2015 16:28:00 System Checkpoint
02-11-2015 16:45:20 System Checkpoint
03-11-2015 18:38:27 System Checkpoint
04-11-2015 19:15:55 System Checkpoint
05-11-2015 20:10:49 System Checkpoint
06-11-2015 20:33:49 System Checkpoint
08-11-2015 19:50:11 System Checkpoint
09-11-2015 21:55:58 System Checkpoint
10-11-2015 22:14:04 System Checkpoint
11-11-2015 23:23:26 System Checkpoint
13-11-2015 06:30:22 System Checkpoint
14-11-2015 06:54:42 System Checkpoint
15-11-2015 12:29:32 System Checkpoint
17-11-2015 11:32:40 System Checkpoint
18-11-2015 11:45:58 System Checkpoint
19-11-2015 12:23:48 System Checkpoint
20-11-2015 13:39:11 System Checkpoint
21-11-2015 13:58:34 System Checkpoint
22-11-2015 14:35:09 System Checkpoint
24-11-2015 08:50:33 System Checkpoint
25-11-2015 19:32:28 System Checkpoint
27-11-2015 08:16:32 System Checkpoint
28-11-2015 09:04:01 System Checkpoint
29-11-2015 22:40:17 System Checkpoint
01-12-2015 21:28:29 System Checkpoint
02-12-2015 21:53:27 System Checkpoint
03-12-2015 22:50:20 System Checkpoint
04-12-2015 23:24:02 System Checkpoint
06-12-2015 16:51:50 System Checkpoint
07-12-2015 19:33:54 avast! antivirus system restore point
07-12-2015 19:48:04 Installed Windows XP Wdf01009.
09-12-2015 07:59:40 System Checkpoint
10-12-2015 07:22:15 Software Distribution Service 3.0
10-12-2015 14:47:56 Software Distribution Service 3.0
11-12-2015 15:55:27 System Checkpoint
14-12-2015 20:40:36 System Checkpoint
15-12-2015 19:48:43 TrueCrypt uninstallation
16-12-2015 21:14:20 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-04 05:00 - 2015-12-16 21:02 - 00000842 ___RC C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-25 18:10 - 2007-03-16 16:10 - 00020480 ____C () C:\WINDOWS\System32\WLTRYSVC.EXE
2013-09-25 18:10 - 2007-03-16 16:10 - 00757760 ____C () C:\WINDOWS\System32\bcm1xsup.dll
2013-09-26 10:19 - 2012-10-04 17:50 - 00088688 ____C () C:\WINDOWS\system32\cpwmon2k.dll
2014-01-19 19:17 - 2014-01-19 19:17 - 00073544 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 01044776 ____C () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-18 08:24 - 2012-06-18 08:24 - 00260096 ____C () C:\Program Files\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\autochk.exe:BAK

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 3519 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1004336348-583907252-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.254.251
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
DomainProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe] => Enabled:CyberLink PowerDVD DX
StandardProfile\AuthorizedApplications: [C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe] => Enabled:CyberLink PowerDVD DX Resident Program
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\MediaMonkey\MediaMonkey.exe] => Enabled:MediaMonkey
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\LibreOffice 4\program\soffice.bin] => Enabled:LibreOffice
StandardProfile\AuthorizedApplications: [C:\Program Files\Evernote\Evernote\Evernote.exe] => Enabled:Evernote
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Mike\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:'Firefox' (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype

==================== Faulty Device Manager Devices =============

Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2015 07:55:50 PM) (Source: MsiInstaller) (EventID: 10005) (User: MIKE-2EF073BDC0)
Description: Product: Google Earth -- Error 2318.File does not exist: C:\Program Files\Google\Google Earth\plugin\shaders\stleafmesh.cfg.

Error: (12/15/2015 07:55:13 PM) (Source: MsiInstaller) (EventID: 10005) (User: MIKE-2EF073BDC0)
Description: Product: Google Earth -- Error 2318.File does not exist: C:\Program Files\Google\Google Earth\plugin\shaders\stleafmesh.cfg.

Error: (12/15/2015 06:05:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 2.8.3.0, faulting module iexplore.exe, version 2.8.3.0, fault address 0x00066c45.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/14/2015 09:20:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 2.8.3.0, faulting module iexplore.exe, version 2.8.3.0, fault address 0x00066c45.
Processing media-specific event for [iexplore.exe!ws!]

Error: (12/14/2015 09:14:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rkill.exe, version 2.8.3.0, faulting module rkill.exe, version 2.8.3.0, fault address 0x00066c45.
Processing media-specific event for [rkill.exe!ws!]

Error: (12/14/2015 08:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rkill.com, version 2.8.3.0, faulting module rkill.com, version 2.8.3.0, fault address 0x00066c45.
Processing media-specific event for [rkill.com!ws!]

Error: (12/14/2015 05:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application rkill.com, version 2.8.3.0, faulting module rkill.com, version 2.8.3.0, fault address 0x00066c45.
Processing media-specific event for [rkill.com!ws!]

Error: (09/29/2015 07:16:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 41.0.0.5738, faulting module mozglue.dll, version 41.0.0.5738, fault address 0x0000ec7e.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/29/2015 07:16:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 41.0.0.5738, faulting module mozglue.dll, version 41.0.0.5738, fault address 0x0000ec7e.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (09/26/2015 09:53:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 41.0.0.5738, faulting module mozglue.dll, version 41.0.0.5738, fault address 0x0000ec7e.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (12/17/2015 07:46:58 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:46:33 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:46:30 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:46:27 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:47 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:45 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:42 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:40 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:38 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (12/17/2015 07:45:36 AM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D


==================== Memory info ===========================

Processor: AMD Turion 64 X2 Mobile Technology TL-58
Percentage of memory in use: 56%
Total physical RAM: 1917.97 MB
Available physical RAM: 832.64 MB
Total Virtual: 3811.67 MB
Available Virtual: 2859.01 MB

==================== Drives ================================

Drive c: (Mike-Prime) (Fixed) (Total:117.19 GB) (Free:19.06 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (Mike-Secondary) (Fixed) (Total:581.45 GB) (Free:453.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 64FBE474)
Partition 1: (Active) - (Size=117.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank you for your help.

Donpedro

 


Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

Check Disk
  • Press the Windows key + R on your keyboard at the same time. Type cmd and click OK.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.
Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
